[thelist] What tools should I use?
Matt Warden
mwarden at gmail.com
Mon Sep 12 13:04:40 CDT 2005
On 9/12/05, Robert Gormley <robert at pennyonthesidewalk.com> wrote:
> > 3. PHP setup varies immensely, e.g., to protect against SQL
> > injection and to allow ' in form input, you should use the
> > addslashes function on all content from the browser,
>
> Ideally, you should use prepared/parameterised statements, i.e.
> mysql_prepare_stmt
Just for the escaping? As far as I know, PHP does not support prepared
statements, in the traditional sense. It is just something fudged by
libraries like PEAR::DB, no?
--
Matt Warden
Miami University
Oxford, OH, USA
http://mattwarden.com
This email proudly and graciously contributes to entropy.
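
The contrast discussed in this message, as an added example that is not part of the original thread: the same lookup built with `addslashes` and with a bound parameter. It assumes PHP with the PDO SQLite driver; the `people` table, the helper functions `find_escaped` and `find_bound`, and the sample names are constructed for illustration.

```php
<?php
// Added example: constructed schema and inputs, in-memory SQLite through PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)');

// Seed rows with bound parameters so the stored values are exact.
$insert = $db->prepare('INSERT INTO people (name) VALUES (:name)');
foreach (["Alice", "O'Brien"] as $name) {
    $insert->execute([':name' => $name]);
}

// Escaping approach: the value is spliced into the SQL text.
// addslashes() adds backslashes, which only helps if the database
// treats backslash as an escape character inside string literals.
function find_escaped(PDO $db, string $name): array
{
    $sql = "SELECT name FROM people WHERE name = '" . addslashes($name) . "'";
    try {
        return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        return ['query failed: ' . $e->getMessage()];
    }
}

// Prepared statement: the SQL text is fixed and the value is sent
// separately, so it is never parsed as SQL and needs no escaping.
function find_bound(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM people WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach (["Alice", "O'Brien"] as $name) {
    echo "input: $name\n";
    echo "  escaped: " . implode(', ', find_escaped($db, $name)) . "\n";
    echo "  bound:   " . implode(', ', find_bound($db, $name)) . "\n";
}
```

SQLite does not treat backslash as an escape character, so the `addslashes` version fails on the legitimate name `O'Brien`, while the bound version returns it unchanged.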