Hello, I was wondering if doing parameter binding is enough to make me safe against SQL injection when I make db queries:
$db->query("INSERT INTO addresses(name, email, address, city, state, zip) VALUES(?,?,?,?,?,?)", array($name, $email, $address, $city, $state, $zip));
If not, do I have to do something else to be safe against SQL injection?
-Andy
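
An added example, not part of the post above and not any project's own code: the INSERT from the question, run through PHP's PDO against a constructed in-memory SQLite table. It shows that a bound value containing quote characters is stored as plain data, and that identifiers, which placeholders cannot carry, are chosen from an allow-list. PDO stands in for the poster's $db object; the sample row and the orderByColumn helper are hypothetical.

```php
<?php
// Constructed in-memory SQLite table standing in for the poster's database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE addresses
            (name TEXT, email TEXT, address TEXT, city TEXT, state TEXT, zip TEXT)');

// Constructed input containing SQL metacharacters (quote, parenthesis, comment).
$name = "O'Brien'); --";
$row  = [$name, 'a@example.com', '1 Main St', 'Springfield', 'IL', '62701'];

// Bound values: the statement text is fixed and the values travel separately,
// so nothing in $row is ever parsed as SQL.
$stmt = $pdo->prepare(
    'INSERT INTO addresses(name, email, address, city, state, zip) VALUES(?,?,?,?,?,?)'
);
$stmt->execute($row);

// The value comes back byte for byte, metacharacters included.
$stored = $pdo->query('SELECT name FROM addresses')->fetchColumn();
var_dump($stored === $name);

// Placeholders cover values only. A column name used for sorting cannot be
// bound, so it is picked from a fixed allow-list (hypothetical helper).
function orderByColumn(string $requested): string
{
    $allowed = ['name', 'city', 'state', 'zip'];
    return in_array($requested, $allowed, true) ? $requested : 'name';
}

// A request for a column outside the list falls back to the default.
$column = orderByColumn('email, zip');
$list = $pdo->prepare(
    "SELECT name, city FROM addresses WHERE state = ? ORDER BY $column"
);
$list->execute(['IL']);
print_r($list->fetchAll(PDO::FETCH_ASSOC));
```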