Jake McGraw wrote:
> Oh snap!
> Personally, I like the flexibility PHP gives you in determining what
> you can put in your queries, and with PHP 5+, using the filter
> functions and querying a MySQL DB with mysqli is a foolproof method
> of preventing SQL injection.
> - jake
Me too.
Nobody ever notices this, but the name ought to give it away, "SQL
Injection". Not "PHP Injection".
The root cause of the SQL injection vulnerability lies in the use of the
database, not the code that accesses it.
Applying security in the database renders you structurally immune from
SQL injection.
--
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com www.andromeda-project.org
631-689-7200 Fax: 631-689-0527
cell: 631-379-0010
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
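
The two layers discussed in this thread, shown together as an added example that is not code from either poster: a filter function validates the input, mysqli binds it as a parameter, and the connecting account is limited inside the database. The database `app`, table `users(id, email)`, account `app_ro` and environment variable `APP_RO_PASSWORD` are assumed names.

```php
<?php
// Added example, not code from the thread. Assumed names: database "app",
// table users(id INT, email VARCHAR), account "app_ro", env var APP_RO_PASSWORD.
//
// Database side (run once by an administrator): the web account can only
// read the one table it needs.
//   GRANT SELECT ON app.users TO 'app_ro'@'localhost';

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Return the e-mail for a user id, or null if the id is invalid or unknown. */
function find_email(mysqli $db, $rawId)
{
    // Filter step: accept only a positive integer; anything else is rejected.
    $id = filter_var($rawId, FILTER_VALIDATE_INT,
                     array('options' => array('min_range' => 1)));
    if ($id === false) {
        return null;
    }

    // mysqli step: the value travels as a bound parameter, separate from
    // the SQL text, so it is never parsed as SQL.
    $stmt = $db->prepare('SELECT email FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($email);
    $found = $stmt->fetch();
    $stmt->close();

    return $found ? $email : null;
}

$db = new mysqli('localhost', 'app_ro', getenv('APP_RO_PASSWORD'), 'app');

// Constructed sample inputs: one valid id and two malformed values.
foreach (array('42', '42 OR 1=1', "1'; --") as $raw) {
    $email = find_email($db, $raw);
    printf("%-12s => %s\n", $raw, $email === null ? '(rejected or not found)' : $email);
}
```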