A bit off-topic, but... If you're using PHP 5.1+, I'd suggest the PDO library. It's straightforward, and widely used as a core part of PHP.

http://www.php.net/manual/en/ref.pdo.php
http://www.php.net/manual/en/function.PDO-prepare.php

If you need something a bit more backward compatible, there are several with varying purposes/feature sets. ADODB is pretty straightforward, easy to use, and seems to be well received by developers. It's certainly much easier than the "pre-PDO" way of doing things; it has some good convenience methods too.

http://adodb.sourceforge.net/
http://phplens.com/lens/adodb/docs-adodb.htm

One of my developers used Creole in the past at another company, and had good things to say.

http://creole.phpdb.org/trac/

TAG

On Apr 16, 2007, at 11:17 AM, Michael Peters wrote:

> rubhadubh wrote:
>> WRT SQL injection attack, yes, I would normally wrap the inputs in a
>> function that strips out any illegal characters - it would be
>> distracting in my posted example though. Is that the sort of thing you
>> had in mind?
>
> In this case since a sortable returns a pretty defined set of things, input
> manipulation is passable. Although you should never try to strip out offending
> characters. Instead you should only allow legitimate characters. But that only
> works in cases where the input is strictly defined. If you switch to using bind
> params in your SQL then you have a solution that works in all cases. I'm not
> sure about the specifics of how to do this in PHP (I'm a Perl guy) but the
> concept should be basically the same.
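Since the thread leaves the PHP specifics open, here is an added example (not code from any poster, nor from the PDO or ADODB documentation) that combines the two points above: bind parameters for the user-supplied filter value, and an allow-list for the sort column and direction, because ORDER BY identifiers cannot be passed as bound parameters. It uses PDO with an in-memory SQLite database so it runs without a server; the `items` table, its rows and the `listItems` function are constructed for this illustration.

```php
<?php
// Added example, not from the thread. Demonstrates PDO prepared statements
// for a user-supplied value plus an allow-list for ORDER BY identifiers.
// The in-memory SQLite database, table and rows are constructed for the demo.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, price REAL, category TEXT)');
$seed = $pdo->prepare('INSERT INTO items (name, price, category) VALUES (:name, :price, :category)');
foreach ([['widget', 9.99, 'tools'], ['gadget', 19.50, 'tools'], ['book', 4.25, 'media']] as $row) {
    $seed->execute([':name' => $row[0], ':price' => $row[1], ':category' => $row[2]]);
}

/**
 * Return the items in $category, sorted by $sortBy in direction $dir.
 *
 * $category is a bound parameter, so its content is always treated as data.
 * $sortBy and $dir become part of the SQL text, so they are checked against
 * fixed allow-lists rather than "cleaned" by stripping characters; anything
 * not on the list is rejected outright.
 */
function listItems(PDO $pdo, string $category, string $sortBy, string $dir): array
{
    $allowedColumns = ['name', 'price', 'id'];
    $allowedDirs    = ['ASC', 'DESC'];

    if (!in_array($sortBy, $allowedColumns, true)) {
        throw new InvalidArgumentException("sort column not permitted: $sortBy");
    }
    $dir = strtoupper($dir);
    if (!in_array($dir, $allowedDirs, true)) {
        throw new InvalidArgumentException("sort direction not permitted: $dir");
    }

    // Only allow-listed identifiers are interpolated; the category value is bound.
    $sql  = "SELECT id, name, price FROM items WHERE category = :category ORDER BY $sortBy $dir";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':category' => $category]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Normal use: two rows from the 'tools' category, most expensive first.
print_r(listItems($pdo, 'tools', 'price', 'desc'));

// A quote in the bound value is just part of the string being compared,
// so this matches no category and returns an empty array.
print_r(listItems($pdo, "tools' OR 1=1 --", 'name', 'asc'));

// A sort column outside the allow-list is rejected before any SQL is built.
try {
    listItems($pdo, 'tools', 'price, name', 'asc');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The split between what is bound and what is allow-listed is the design point: PDO placeholders cover values (WHERE, INSERT, LIMIT arguments), while table and column names in a sortable still have to come from a list the application itself defines, which is exactly the "strictly defined input" case Michael describes. If the application later needs the database-specific driver (MySQL, PostgreSQL) the function body is unchanged apart from the DSN passed to `new PDO(...)`.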
