php-windows Digest 15 Feb 2012 13:56:00 -0000 Issue 4004

Topics (messages 30772 through 30774):

Re: SQL injection - mysql_real_escape_string()?
        30772 by: Ariz Jacinto
        30773 by: Jacob Kruger
        30774 by: Jacob Kruger


----------------------------------------------------------------------
--- Begin Message ---
Hi Jacob,

Yes, you need to do more than just using mysql_real_escape_string()
solely. I recommend the book "SQL Antipatterns: Avoiding the Pitfalls
of Database Programming" by Bill Karwin

http://www.amazon.com/SQL-Antipatterns-Programming-Pragmatic-Programmers/dp/1934356557

--- End Message ---
--- Begin Message ---
OK, I know they reckon using things like parameterised queries is best, and that's what have done in past with things like MSSQL server, etc., but only issue is I would like to be sure all instances of a mySQL server would support this, aside from checking PHPInfo all the time, but let me look around a bit more, and, yes, am already doing my own versions of data entry validation as well, but still...<smile>

Stay well

Jacob Kruger
Blind Biker
Skype: BlindZA
'...fate had broken his body, but not his spirit...'

----- Original Message -----
From: "Ariz Jacinto" <acjaci...@gmail.com>
To: <php-wind...@lists.php.net>
Sent: Monday, February 13, 2012 8:06 AM
Subject: Re: [PHP-WIN] SQL injection - mysql_real_escape_string()?


Hi Jacob,

Yes, you need to do more than just using mysql_real_escape_string()
solely. I recommend the book "SQL Antipatterns: Avoiding the Pitfalls
of Database Programming" by Bill Karwin

http://www.amazon.com/SQL-Antipatterns-Programming-Pragmatic-Programmers/dp/1934356557

--- End Message ---
--- Begin Message ---
Ok, while did find some tutorial material on mysqli, etc., neither my wamp installation, or my online hosting server seem to support it at all, but anyway.

Stay well

Jacob Kruger
Blind Biker
Skype: BlindZA
'...fate had broken his body, but not his spirit...'

----- Original Message -----
From: "Jacob Kruger" <jac...@mailzone.co.za>
To: <php-wind...@lists.php.net>
Sent: Monday, February 13, 2012 7:38 AM
Subject: [PHP-WIN] SQL injection - mysql_real_escape_string()?


Just wondering if anyone else specifically does more than using mysql_real_escape_string function to check freely entered text values before processing queries to a mysql database as such?

Stay well

Jacob Kruger
Blind Biker
Skype: BlindZA
'...fate had broken his body, but not his spirit...'


--- End Message ---
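
The question raised in the replies above, whether a given PHP installation supports parameterised queries without consulting phpinfo() each time, can be answered at run time. The following is an added example, not code from any poster in this thread: it checks which MySQL extensions are loaded and runs the same bound-parameter query through whichever one is present. The `users(id, name)` table, the `$cfg` keys and both function names are assumptions made for illustration.

```php
<?php
// Added example. Assumptions: table users(id, name) and the $cfg keys are hypothetical.

// Which MySQL extensions with prepared-statement support does this PHP build have?
function available_mysql_drivers(): array
{
    return array_values(array_filter(['pdo_mysql', 'mysqli'], 'extension_loaded'));
}

// Look up ids by name. The value is bound as a parameter, never pasted into the SQL text.
function find_user_ids(string $name, array $cfg): array
{
    $sql = 'SELECT id FROM users WHERE name = ?';
    $drivers = available_mysql_drivers();

    if (in_array('pdo_mysql', $drivers, true)) {
        $pdo = new PDO(
            "mysql:host={$cfg['host']};dbname={$cfg['db']};charset=utf8mb4",
            $cfg['user'],
            $cfg['pass'],
            [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
             PDO::ATTR_EMULATE_PREPARES => false] // prepare on the server, not in the client
        );
        $stmt = $pdo->prepare($sql);
        $stmt->execute([$name]);
        return $stmt->fetchAll(PDO::FETCH_COLUMN);
    }

    if (in_array('mysqli', $drivers, true)) {
        $db = new mysqli($cfg['host'], $cfg['user'], $cfg['pass'], $cfg['db']);
        if ($db->connect_errno) { throw new RuntimeException($db->connect_error); }
        $db->set_charset('utf8mb4');
        $stmt = $db->prepare($sql);
        if ($stmt === false) { throw new RuntimeException($db->error); }
        $stmt->bind_param('s', $name);
        $stmt->execute();
        $stmt->bind_result($id);          // works without mysqlnd, unlike get_result()
        $ids = [];
        while ($stmt->fetch()) { $ids[] = $id; }
        $stmt->close();
        return $ids;
    }

    throw new RuntimeException('Neither pdo_mysql nor mysqli is loaded in this PHP build.');
}

// Runs without a database: report what this installation can use.
echo 'Drivers: ', implode(', ', available_mysql_drivers()) ?: 'none', PHP_EOL;
```

If the last line prints `none`, only the legacy `mysql_*` functions are available and every value still has to pass through mysql_real_escape_string() inside quotes, with numeric inputs cast explicitly.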