Thursday, February 25, 2010

Re: [fw-db] Parameter Binding and SQL injection

It is safe.

--
Regards,
Vladas Diržys


On Thu, Feb 25, 2010 at 19:18, Andy Daykin <daykinandy@gmail.com> wrote:
Hello, I was wondering if doing parameter binding is enough to make me safe against SQL injection when I make db queries:
 
$db->query("INSERT INTO addresses(name, email, address, city , state, zip) VALUES(?,?,?,?,?,?)", array($name, $email, $address, $city, $state, $zip));
 
If not, do I have to do something else to be safe against SQL injection?
 
-Andy
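
The difference the question turns on, as an added example that is not part of the original thread. It assumes plain PDO with an in-memory SQLite database in place of Zend_Db, and every sample value is constructed.

```php
<?php
// Added example: plain PDO + in-memory SQLite stand in for Zend_Db (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE addresses (name TEXT, email TEXT, address TEXT, city TEXT, state TEXT, zip TEXT)');

// Constructed input: the name field carries SQL syntax instead of a name.
$name    = "x', 'injected@example.test', '', '', '', '') --";
$email   = 'andy@example.test';
$address = '1 Main St';
$city    = 'Springfield';
$state   = 'IL';
$zip     = '62701';

// Unsafe form: values are pasted into the SQL text, so the quote inside
// $name closes the string literal and the remainder is parsed as SQL.
$unsafe = "INSERT INTO addresses(name, email, address, city, state, zip) "
        . "VALUES('$name', '$email', '$address', '$city', '$state', '$zip')";
$pdo->exec($unsafe);

// Bound form (the shape used in the question): the statement text is fixed
// and the values are passed separately, so they are only ever treated as data.
$stmt = $pdo->prepare(
    'INSERT INTO addresses(name, email, address, city, state, zip) VALUES(?,?,?,?,?,?)'
);
$stmt->execute(array($name, $email, $address, $city, $state, $zip));

// Compare what each form actually stored.
foreach ($pdo->query('SELECT rowid, name, email FROM addresses') as $row) {
    printf("row %d: name=%s | email=%s\n", $row['rowid'], $row['name'], $row['email']);
}
```

The concatenated row ends up with the email taken from inside the name field, while the bound row stores the whole string verbatim as the name and keeps the real email. Binding covers values only; a table or column name built from input cannot be bound and needs an allowlist.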
 
 
 
