NYCPHP Meetup

[csnyder]

On 9/26/07, Kenneth Downs <ken at secdat.com> wrote:
>
>  From:
> http://www.eweek.com/article2/0,1759,2188714,00.asp
>
>  Q: How can sites protect themselves against SQL injection?
>  A:  You basically have a choice between programming tools that lock you
>  into proprietary architectures and those that allow you to incorporate new
>  open source libraries and tools as they become available.

There, fixed that for them.

If your PHP code isn't preventing SQL injection then use one of the
many extensions or libraries that prevents it... or write your own.

My personal favorite:
public function esc( $value ) {
  return mysql_real_escape_string( $value, $this->db );
}

-- 
Chris Snyder
http://chxo.com/