Google
  Web www.spinics.net

Re: SQL injection - mysql_real_escape_string()?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
OK, I know they reckon using things like parameterised queries is best, and that's what have done in past with things like MSSQL server, etc., but only issue is I would like to be sure all instances of a mySQL server would support this, aside from checking PHPInfo all the time, but let me look around a bit more, and, yes, am already doing my own versions of data entry validation as well, but still...<smile> 

Stay well

Jacob Kruger
Blind Biker
Skype: BlindZA
'...fate had broken his body, but not his spirit...'
----- Original Message ----- From: "Ariz Jacinto" <acjacinto@xxxxxxxxx> 
To: <php-windows@xxxxxxxxxxxxx>
Sent: Monday, February 13, 2012 8:06 AM
Subject: Re:  SQL injection - mysql_real_escape_string()?



Hi Jacob,

Yes, you need to do more than just using mysql_real_escape_string()
solely. I recommend the book "SQL Antipatterns: Avoiding the Pitfalls
of Database Programming" by Bill Karwin

http://www.amazon.com/SQL-Antipatterns-Programming-Pragmatic-Programmers/dp/1934356557

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP Home]     [PHP Users]     [PHP Install]     [PHP on Windows]     [Programming PHP]     [Kernel Newbies]     [Rice Cooker]     [Home]     [Yosemite News]     [Yosemite Photos]     [PHP Books]

Powered by Linux