[phpGroupWare-developers] Security: PDO for db-class is preventing sql-injections

Sigurd Nes Tue, 19 Aug 2008 09:49:17 -0700

Sigurd Nes wrote:


Any interest in the super-quick PDO-version of the db-class?
http://savannah.gnu.org/patch/index.php?6572

Follow up:

Looks like PDO is preventing sql-injections as it does not allows multiplestatementents in a single query.


Example:

'SELECT * FROM table1; DELETE FROM table2' - will fail with a 'cannot insertmultiple commands into a prepared statement' even though it is not a preparedstatement.



Regards

Sigurd


_______________________________________________
phpGroupWare-developers mailing list
phpGroupWare-developers@gnu.org
http://lists.gnu.org/mailman/listinfo/phpgroupware-developers

[phpGroupWare-developers] Security: PDO for db-class is preventing sql-injections

Reply via email to