Database Injections
Posted: Sun Jul 30, 2006 11:16 am
Hi,
I am using the PHP language to insert my clients' data into my MySQL database. Now, I know in ASP, there are some methods to prevent 'sql injections.' For example, in ASP, I can replace single quotes (') with double quotes (") by doing this: CStr(replace(Request.form("firstname"),"'", "''")) & "'" & ",'" & _
Do I have to worry about this using PHP and MySQL? If so, can you please give me an example?
Thank you!
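An added example, not part of the original post: the same insert done in PHP with a PDO prepared statement, so the form value is passed as a bound parameter and needs no quote replacement. The `clients` table, the function names and the sample names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
// Added example: table, column, function and sample names are hypothetical.
// SQLite in memory stands in for MySQL here. For MySQL, use a DSN such as
// 'mysql:host=localhost;dbname=example;charset=utf8mb4' (placeholder values)
// with a user name and password, and set PDO::ATTR_EMULATE_PREPARES to false
// so the server itself prepares the statement.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE clients (id INTEGER PRIMARY KEY, firstname TEXT NOT NULL)');

function insertClient(PDO $pdo, string $firstname): int
{
    // The SQL text is fixed; the value travels separately as a parameter,
    // so a quote inside it can never end the string literal.
    $stmt = $pdo->prepare('INSERT INTO clients (firstname) VALUES (:firstname)');
    $stmt->execute([':firstname' => $firstname]);
    return (int) $pdo->lastInsertId();
}

function findClients(PDO $pdo, string $firstname): array
{
    $stmt = $pdo->prepare('SELECT id, firstname FROM clients WHERE firstname = :firstname');
    $stmt->execute([':firstname' => $firstname]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample input standing in for $_POST['firstname'].
$samples = ["Alice", "O'Brien", "Robert'); --"];

foreach ($samples as $name) {
    insertClient($pdo, $name);
}

// Each value comes back exactly as submitted, quotes included.
foreach ($samples as $name) {
    $rows = findClients($pdo, $name);
    printf("%-14s -> %d row(s), stored as: %s\n", $name, count($rows), $rows[0]['firstname']);
}

// Three inserts, three rows: none of the inputs altered the statement.
$total = (int) $pdo->query('SELECT COUNT(*) FROM clients')->fetchColumn();
echo "rows in clients: {$total}\n";
```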