On 9/26/07 1:53 PM, "Jake McGraw" <[EMAIL PROTECTED]> wrote:
> Oh snap!
>
> Personally, I like the flexibility PHP gives you in determining what
> you can put in your queries and with PHP 5+, using the filter
> functions and querying a MySQL DB with mysqli is a foolproof method
> of preventing SQL injection.
Filter functions? Not the new input filter functions? To truly prevent SQL injection, you need to use either prepared statements or the mysql_real_escape_string() function. And don't forget to put ' ' around the result, otherwise it's useless.
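As an added example (not code from the thread), the two routes the reply names, written for PHP 5 with mysqli; the connection $db and a `users` table with an integer `id` and a string `name` column are assumptions:

```php
<?php
// Added example, not from the mailing-list thread. Assumes a live mysqli
// connection $db and a table `users(id INT, name VARCHAR)`.

/**
 * Preferred: a prepared statement. The value travels separately from the
 * SQL text, so the server never parses it as SQL, quoted or not.
 */
function findUserPrepared(mysqli $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);          // 's' = bind as string
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

/**
 * The escaping route. real_escape_string() only backslash-escapes characters
 * such as ' " \ and NUL; it does nothing to spaces or SQL keywords. The
 * escaped value is therefore only safe INSIDE a quoted string literal,
 * which is the point the reply makes about putting ' ' around the result.
 */
function findUserEscaped(mysqli $db, string $name): array
{
    $safe = $db->real_escape_string($name);
    $sql  = "SELECT id, name FROM users WHERE name = '$safe'";   // quotes required
    return $db->query($sql)->fetch_all(MYSQLI_ASSOC);
}

/**
 * Unquoted numeric context: here quoting is not available, and an input made
 * of digits, spaces and keywords contains nothing for the escape function to
 * touch. Bind it as an integer instead (or cast with (int) before use).
 */
function findUserById(mysqli $db, string $id): array
{
    $idInt = (int) $id;                     // non-numeric input becomes 0
    $stmt  = $db->prepare('SELECT id, name FROM users WHERE id = ?');
    $stmt->bind_param('i', $idInt);         // 'i' = bind as integer
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}
```

get_result() needs the mysqlnd driver; on older builds use bind_result()/fetch() instead.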