
Thread: Does PHP PDO need injection prevention?

  1. #1
    djalam

    Does PHP PDO need injection prevention?

    This is probably a stupid question, but I'll ask it anyways.
    Through mysql_connect you need to do all sorts of stuff to prevent database injection etc., magic quotes, etc.

    Anywho, do we have to take some kind of provisions for PDO as well if we will be using queries with unnamed placeholders, "INSERT INTO folks (name, addr, city) values (?, ?, ?)",
    or "INSERT INTO folks (name, addr, city) value (:name, :addr, :city)"?

    Or do we just grab the POST or GET data and relay it directly into the query values?
    Last edited by djalam; 08-18-2010 at 04:18 PM.

  2. #2
    misson

    Re: Does PHP PDO need injection prevention?

    There is one subtlety about prepared statements that makes it not such a stupid question (only prepared statement parameters are invulnerable to injection; the statement itself can still contain injection vectors if any user input is interpolated into the statement itself). However, the question of SQL injection and prepared statements has been covered before in exacting detail.
    Last edited by misson; 08-18-2010 at 06:04 PM.
    Be sure to read all pages linked in this post; they have further information that should prove useful. When asking for help, make sure you follow Eric Raymond's and Jon Skeet's guidelines for prompt, accurate responses. Please answer any questions I ask; they're not rhetorical (probably). Any posted code is intended as illustrative example, rather than a solution to your problem to be copied without alteration. Study it to learn how to write your own solution.
    Misson, not Mission.
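
The distinction described in the reply above, as an added example that is not part of the original thread: values go through bound parameters, while a part of the statement that cannot be a placeholder (here a sort column) is picked from an allowlist. The in-memory SQLite database, the `listFolks()` helper and the sample rows are assumptions made for the illustration.

```php
<?php
// Added example; the table contents and request values are constructed.
// Requires the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE folks (name TEXT, addr TEXT, city TEXT)');

// 1. Values: bound parameters are passed as data and never parsed as SQL,
//    so POST/GET values can be handed to execute() as they arrive.
$insert = $pdo->prepare(
    'INSERT INTO folks (name, addr, city) VALUES (:name, :addr, :city)'
);
$rows = [
    ['name' => 'Ann', 'addr' => '1 Elm St', 'city' => 'Oslo'],
    // Hostile-looking input is stored as an ordinary string.
    ['name' => "Bob'); DROP TABLE folks; --", 'addr' => '2 Oak St', 'city' => 'Oslo'],
];
foreach ($rows as $row) {
    $insert->execute($row);
}

// 2. Statement text: identifiers (column names, ASC/DESC) cannot be
//    placeholders. Unsafe form: "... ORDER BY " . $_GET['sort'], because
//    the input then becomes part of the SQL itself.
function listFolks(PDO $pdo, string $sortBy, string $city): array
{
    // Hypothetical helper: the column is chosen from a fixed allowlist.
    $allowed = ['name', 'addr', 'city'];
    if (!in_array($sortBy, $allowed, true)) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    // $sortBy is now one of our own literals; :city is still bound.
    $stmt = $pdo->prepare(
        "SELECT name, city FROM folks WHERE city = :city ORDER BY $sortBy"
    );
    $stmt->execute(['city' => $city]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

print_r(listFolks($pdo, 'name', 'Oslo'));

try {
    listFolks($pdo, 'name; DROP TABLE folks', 'Oslo');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```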

  3. #3
    djalam

    Re: Does PHP PDO need injection prevention?

    Gotcha. Thanks mission, always good help. Checking out the links now.
