[thelist] Keeping PHP forms secure
Chris Spruck
cspruck at mindspring.com
Tue Aug 7 11:40:07 CDT 2007
>[snip]
>Regular expressions? Does PHP really lack a parameterized SQL execute
>function?!
>[/snip]
Not really. I think by "parameterized SQL execute function" David meant PDO (PHP Data Objects).
http://php.net/pdo - "PDO ships with PHP 5.1, and is available as a PECL extension for PHP 5.0; PDO requires the new OO features in the core of PHP 5, and so will not run with earlier versions of PHP." PDO uses db-specific drivers, so your installation may vary.
Look on the PDO page above for "prepared statements" and examples 1712-1714 - looks very much like whoever's Perl sample that was.
Chris
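
The prepared-statement pattern referred to above, as an added example that is not part of the original post and not taken from the PHP manual. The table, column names and form values are constructed, and an in-memory SQLite database (the pdo_sqlite driver) is assumed so that it runs without a database server:

```php
<?php
// Added example. Schema and inputs are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
// Make database errors throw instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE subscribers (
    id    INTEGER PRIMARY KEY,
    email TEXT NOT NULL,
    name  TEXT NOT NULL
)');

// The SQL text is fixed; form values travel separately as bound parameters,
// so quotes or SQL keywords inside them are stored and compared as plain data.
function addSubscriber(PDO $pdo, $email, $name)
{
    $stmt = $pdo->prepare(
        'INSERT INTO subscribers (email, name) VALUES (:email, :name)'
    );
    $stmt->execute(array(':email' => $email, ':name' => $name));
    return (int) $pdo->lastInsertId();
}

function findByEmail(PDO $pdo, $email)
{
    $stmt = $pdo->prepare(
        'SELECT id, email, name FROM subscribers WHERE email = :email'
    );
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for $_POST values from a sign-up form.
// The apostrophe in the name would break a query built by concatenation.
addSubscriber($pdo, 'pat@example.com', "Pat O'Brien");

// A normal lookup finds the row, apostrophe intact.
$rows = findByEmail($pdo, 'pat@example.com');
echo count($rows), ' row(s), name = ', $rows[0]['name'], "\n";

// Constructed input carrying a quote and SQL keywords: it is compared
// literally against the email column and cannot change the WHERE clause.
$odd = "nobody@example.com' OR '1'='1";
echo count(findByEmail($pdo, $odd)), " row(s) for the odd input\n";
```

Only values can be bound this way; table and column names cannot be placeholders, so any identifier that depends on user input still has to be checked against a fixed list.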