[nycphp-talk] More confused now than before by PHP security!
Chris Shiflett
shiflett at php.net
Sun Jan 22 10:23:32 EST 2006
Edward Potter wrote:
> Based on this article, how do you write secure PHP code? The author
> seems to claim that there is no 100% way.
My apologies. I've added the following to the end:
"To avoid this type of vulnerability, use mysql_real_escape_string(),
bound parameters, or any of the major database abstraction libraries."
http://shiflett.org/archive/184
I only meant to highlight the distinction between addslashes() and
mysql_real_escape_string(), because I see too many people claiming that
there is no difference. The difference isn't likely to matter to you,
but it's there.
Anyway, glad to see someone read this. Thanks. :-)
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
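The distinction Chris mentions, as an added example that is not part of the original post or of shiflett.org: PHP's addslashes() puts a backslash in front of a quote byte without knowing the connection character set, while mysql_real_escape_string() escapes according to that charset. The code below models both in Python, together with a deliberately simplified model of how a server scans a quoted literal (an assumption of this example, not MySQL's actual lexer), and finishes with the fix the post recommends, a bound parameter, using sqlite3 as a stand-in for any driver that supports them. The GBK byte sequences are constructed for illustration.

```python
import sqlite3

# Escapes mysql_real_escape_string() applies to a single byte (assumed list).
MYSQL_SPECIALS = {0x00: b"\\0", 0x0A: b"\\n", 0x0D: b"\\r", 0x5C: b"\\\\",
                  0x27: b"\\'", 0x22: b'\\"', 0x1A: b"\\Z"}


def addslashes(data: bytes) -> bytes:
    """Byte-for-byte model of PHP addslashes(): a backslash before ' " \\ and NUL,
    with no knowledge of any character set."""
    out = bytearray()
    for b in data:
        if b in (0x27, 0x22, 0x5C, 0x00):
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def mb_len(data: bytes, i: int, charset: str) -> int:
    """Length of a valid multibyte character starting at data[i] under `charset`,
    or 0 if there is none. Only GBK is modelled here: a lead byte 0x81-0xFE
    followed by a trail byte 0x40-0xFE other than 0x7F."""
    if charset != "gbk":
        return 0  # single-byte charsets never have multibyte characters
    if 0x81 <= data[i] <= 0xFE and i + 1 < len(data):
        t = data[i + 1]
        if 0x40 <= t <= 0xFE and t != 0x7F:
            return 2
    return 0


def is_lead_byte(b: int, charset: str) -> bool:
    return charset == "gbk" and 0x81 <= b <= 0xFE


def charset_aware_escape(data: bytes, charset: str) -> bytes:
    """Model of mysql_real_escape_string() when the connection charset is known:
    a complete multibyte character passes through whole, a lone lead byte is
    itself escaped so it cannot absorb the following backslash, and the usual
    special bytes get their backslash."""
    out = bytearray()
    i = 0
    while i < len(data):
        l = mb_len(data, i, charset)
        if l:
            out += data[i:i + l]
            i += l
            continue
        b = data[i]
        if is_lead_byte(b, charset):
            out += b"\\" + bytes([b])
        elif b in MYSQL_SPECIALS:
            out += MYSQL_SPECIALS[b]
        else:
            out.append(b)
        i += 1
    return bytes(out)


def literal_ends_early(escaped: bytes, charset: str) -> bool:
    """Simplified server-side scan of a '...' literal under `charset` (assumption):
    a valid multibyte character is consumed whole, a backslash consumes the next
    byte, and an unescaped quote ends the literal. True means the attacker's
    quote broke out of the string."""
    i = 0
    while i < len(escaped):
        l = mb_len(escaped, i, charset)
        if l:
            i += l
        elif escaped[i] == 0x5C:
            i += 2
        elif escaped[i] == 0x27:
            return True
        else:
            i += 1
    return False


def lookup_with_bound_parameter(username: bytes) -> list:
    """The post's recommendation: bind the value instead of escaping it.
    sqlite3 stands in for any driver with bound parameters; the table is
    constructed in memory for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name BLOB)")
    conn.execute("INSERT INTO users VALUES (?)", (b"alice",))
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (username,)).fetchall()
    conn.close()
    return rows


if __name__ == "__main__":
    # Constructed payload: a GBK lead byte followed by the quote we want to smuggle.
    PAYLOAD = b"\xbf\x27 OR 1=1 -- "
    for name, esc in (("addslashes()", addslashes(PAYLOAD)),
                      ("mysql_real_escape_string(), charset gbk", charset_aware_escape(PAYLOAD, "gbk")),
                      ("mysql_real_escape_string(), charset latin1", charset_aware_escape(PAYLOAD, "latin1"))):
        print(f"{name:44} first bytes {esc[:4].hex()}  breaks out under gbk: {literal_ends_early(esc, 'gbk')}")
    print("bound parameter rows:", lookup_with_bound_parameter(PAYLOAD))
```

Under a single-byte connection charset the two functions produce the same bytes for this input, which is why the difference rarely shows. Under GBK, addslashes() yields 0xBF 0x5C 0x27, and the server reads 0xBF 0x5C as one character, leaving the quote live; the charset-aware escape yields 0x5C 0xBF 0x5C 0x27 instead. The third row shows that the charset-aware function only helps when it knows the charset the server actually uses; if it is told latin1 while the connection runs GBK, it degrades to addslashes() behaviour. A bound parameter never enters the SQL text, so the question does not arise.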