[nycphp-talk] Not-so-subtle attack on PHP

csnyder chsnyder at
Wed Sep 26 14:04:04 EDT 2007

On 9/26/07, Kenneth Downs <ken at> wrote:
>  From:
>  Q: How can sites protect themselves against SQL injection?
>  A:  You basically have a choice between programming tools that lock you
>  into proprietary architectures and those that allow you to incorporate new
>  open source libraries and tools as they become available.

There, fixed that for them.

If your PHP code isn't preventing SQL injection then use one of the
many extensions or libraries that prevents it... or write your own.

My personal favorite:
public function esc( $value ) {
  return mysql_real_escape_string( $value, $this->db );

Chris Snyder

More information about the talk mailing list