On Thu, May 14, 2015 at 9:05 PM, Karl DeSaulniers <k...@designdrumm.com>

> Hello Everyone,
> Have a quick question. Was reading some material and wanted some Players
> perspective.
> I know w3schools is not the de-facto on everything, so I wanted to know
> how reliable is the information on this page.
> http://www.w3schools.com/sql/sql_injection.asp
> Namely the @ symbol before SQL Values and because this talks about SQL and
> not MySQL specifically, does this not apply to MySQL?
> To my uneducated eyes it seems legit. Any clarification is greatly
> appreciated.
> TIA,
> Best,
> Karl DeSaulniers
> Design Drumm
> http://designdrumm.com
That is preferred in PHP as well. The SQL/MySQL isn't specifically doing
the replacement, but rather the driver object. Using parametrized queries:


Reply via email to