SwiftLeeO Posted March 26, 2013 Share Posted March 26, 2013 Okay, well from what I understand, MySQL is deprecated, so the two other options are either MySQLi, or PDO. I chose to look into PDO (PHP Data Objects). I have a question for anyone who has some grasp on it. 1. Do prepared statements eliminate SQL injections? Quote Link to comment Share on other sites More sharing options...
a_bertrand Posted March 26, 2013 Share Posted March 26, 2013 If well used yes, they do elliminate SQL injections. Yet don't think it is the only kind of vulnerability. Quote Link to comment Share on other sites More sharing options...
Aventro Posted March 27, 2013 Share Posted March 27, 2013 I agree, If properly used they completely remove SQL Injection vulnerability. Quote Link to comment Share on other sites More sharing options...
Djkanna Posted March 27, 2013 Share Posted March 27, 2013 Yes they avoid *some* forms of SQL injection. A simple SO search will reveal where prepared statements/placeholders, cannot cover you. :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.