Hi all,
What is the correct way to filter/escape user-inputted values for database host, name, username and password, to be used in a PDO connection?
Thanks
Escape username/password in PDO connection
Moderator: General Moderators
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Escape username/password in PDO connection
I'm talking about the strings that are used in the PDO constructor - the host, database engine & db name which form the dsn, plus the username and password. Do these strings need escaping when working with user-submitted info (i.e. when they first configure the application).
I don't know whether these fields represent a possible target for attack.
I don't know whether these fields represent a possible target for attack.