Member Avatar for DarkMonarch

i kept reading on sql injections after answering a guy on the subject and end up on this page: http://php.net/manual/en/pdo.prepared-statements.php

which i think is great for optimisation and i will probably apply on this portal im working on, but ...
what do you guys think about this prebuild template like versus sql injections ?
would you trust this prepared statement for security or you will still apply some security measures?

thx for your input

Edited by DarkMonarch because: spelling
  • 5 Contributors
  • 5 Replies
  • 119 Views
  • 21 Hours Discussion Span
  • Latest Post Latest Post by diafol

Recommended Answers

All 5 Replies

Member Avatar for phorce

Hey, throwing this out there.

(I spend my time researching/developing Speech Algorithms so don't code much in PHP anymore) but I read an article that said that PDO removes the risk of SQL injections.. So probabily. There's a lot of debate to whether PDO or MYSQLI is more efficient etc.. :)

Member Avatar for pritaeas

It reduces risk. Always validate your inputs. Don't blindly inject a value, even if you are binding it. It may be the wrong type and you end up with unexpected results.

Member Avatar for DarkMonarch

copy that @pritaeas, thx

Member Avatar for GliderPilot

I agree with pritaeas, when it comes to security the more "layers" you can have the more secure you will be. While PDO helps to mitigate risk, there will always be unexpected input or ways discovered to circumvent that particular security check. For proper risk management I would alwyas verify user input against what it should be before sending it to be actioned.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.