For Programmers: Free Programming Magazines  


Home > Archive > PHP DB > June 2004 > Re: [PHP-DB] Re: SQL injection & prepared statements









You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

 

Author Re: [PHP-DB] Re: SQL injection & prepared statements
Gerard Samuel

2004-06-25, 3:55 pm

On Friday 25 June 2004 01:03 pm, Hans_L wrote:
> Gerard Samuel wrote:
> <snip>
>
>
> Yes, the idea with prepared statements is that the database (or
> transport layer, etc.) knows how to properly escape the values.

Thanks for your reply. I wasn't sure who was respondsible for "cleaning up"
data sent to the db. So I guess Ill continue with the thought that
prepared statements (in databases that can use it) takes care of it.
Thanks
Sponsored Links







Also available: Server administration forum archive | Web Design forum archive | Software forum archive | Hardware reviews archive

Copyright 2008 codecomments.com