Oh snap! Personally, I like the flexibility PHP gives you in determining what you can put in your queries, and with PHP 5+, using the filter functions and querying a MySQL DB with mysqli is a foolproof method of preventing SQL injection.
- jake

On 9/26/07, Kenneth Downs <[EMAIL PROTECTED]> wrote:
>
> From: http://www.eweek.com/article2/0,1759,2188714,00.asp
>
> Q: How can sites protect themselves against SQL injection?
> A: The best defense is to design your database-backed Web site properly to
> make sure it always separates SQL code and user data. You basically have a
> choice between programming tools that are specifically designed to prevent
> you from making this kind of mistake and those that allow you to get into
> trouble if you're not careful. Roughly speaking, this corresponds to the
> difference between the newer Microsoft .Net tools and their older tools or
> open source frameworks like PHP.
>
> --
> Kenneth Downs
> Secure Data Software, Inc.
> www.secdat.com www.andromeda-project.org
> 631-689-7200 Fax: 631-689-0527
> cell: 631-379-0010
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
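The "separate SQL code and user data" point from the quoted article, shown in PHP 5+ with mysqli as an added example (not code from either poster): a concatenated query beside a prepared statement with a bound parameter, plus filter_var validation as a separate layer. The host, credentials, database name and the users table are placeholders assumed for illustration; get_result() assumes the mysqlnd driver.

```php
<?php
// Added example, not from the original thread. Assumes a reachable MySQL server
// with the placeholder credentials below and a table
//   users(id INT, username VARCHAR(64), email VARCHAR(255)).
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('db.example.internal', 'app', 'app-password-placeholder', 'appdb');
$db->set_charset('utf8mb4');

// Untrusted input exactly as it arrives from the request.
$username = $_GET['username'] ?? '';

// 1. Vulnerable form, kept only for contrast and never called below: the user
//    value is spliced into the SQL text, so the server cannot tell where the
//    statement ends and the data begins.
function lookupUnsafe(mysqli $db, string $username): ?array
{
    $sql = "SELECT id, email FROM users WHERE username = '" . $username . "'";
    $row = $db->query($sql)->fetch_assoc();
    return $row ?: null;
}

// 2. Hardened form: the statement text is fixed and sent first; the value is
//    transmitted separately as a bound parameter and is never parsed as SQL.
function lookupSafe(mysqli $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, email FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);   // 's' = string parameter
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // requires mysqlnd
    $stmt->close();
    return $row ?: null;
}

// The filter extension adds input validation on top: it rejects values outside
// the expected shape, but it does not by itself separate code from data, so it
// complements the prepared statement rather than replacing it.
$clean = filter_var($username, FILTER_VALIDATE_REGEXP,
    ['options' => ['regexp' => '/^[A-Za-z0-9_]{1,64}$/']]);
if ($clean === false) {
    http_response_code(400);
    exit('invalid username');
}

$row = lookupSafe($db, $clean);
echo $row ? "found user {$row['id']}" : 'no such user';
```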