New to forum and need some help.
Working on a website (personal) in PHP and MySQL and I'm afraid of SQL injection attacks. My site requires a lot of user interaction and uses a lot of SQL and relational databasing. I don't want to get too far down the road and realize I screwed up somewhere. Here are my questions...
1) Could someone give me an example of a strongly typed query versus a vulnerable one?
2) How well do mysql_real_escape_string() and mysql_escape_string() work to protect against unwanted commands? Could I just use them to sanitize my data?
3) Or should I use PDOs to query? I'm not too familiar with PDOs, but from what I've read, there's quite a bit of debate about whether they speed up or slow down your query time.
4) How exactly do PDOs protect you against a SQL injection attack?
afraid of SQL injection attacks
Re: afraid of SQL injection attacks
mijreed wrote:
> Working on a website (personal) in PHP and MySQL and I'm afraid of SQL injection attacks.

If it's a personal site and you make backups, I don't see why you should be scared.

mijreed wrote:
> 1) Could someone give me an example of a strongly typed query versus a vulnerable one?

Not sure what you mean by a strongly typed query.

mijreed wrote:
> 2) How well do mysql_real_escape_string() and mysql_escape_string() work to protect against unwanted commands? Could I just use them to sanitize my data?

Well, they do what they are supposed to do, but just using them doesn't stop you from making your own logic errors.
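As an added example (not code posted in this thread), here is the comparison the original post asks for in questions 1 and 4, and it also shows the "logic error" point from the reply above: a query built by string concatenation next to a PDO prepared statement with a typed, validated parameter. It runs against an in-memory SQLite database so it needs no MySQL server; the table, rows and sample inputs are constructed for the demo, and the function names are my own.

```php
<?php
// Added example, not from the thread. Same idea applies to MySQL: only the DSN
// passed to new PDO(...) changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')"); // constructed rows

// Vulnerable: the input is pasted into the SQL text, so it can change the
// structure of the statement instead of only supplying a value. Escaping would
// not help here either, because the value sits in an unquoted numeric slot.
function findNameVulnerable(PDO $pdo, string $input): array
{
    $sql = "SELECT name FROM users WHERE id = " . $input;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe: the SQL text is fixed when prepare() runs; the value is sent separately
// and can only ever be compared against id. Checking that the value really is
// an integer before binding it also closes the logic error mentioned above.
function findNameSafe(PDO $pdo, string $input): array
{
    if (!ctype_digit($input)) {
        return []; // not an id at all: reject rather than guess
    }
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $input, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal id, then a value that only ever arrives from a
// user who is probing the form. The vulnerable query returns every row for the
// second one; the prepared statement returns nothing.
foreach (['1', '1 OR 1=1'] as $input) {
    printf("%-12s vulnerable=%s safe=%s\n",
        var_export($input, true),
        json_encode(findNameVulnerable($pdo, $input)),
        json_encode(findNameSafe($pdo, $input)));
}
```

Two notes for a MySQL deployment: set `PDO::ATTR_EMULATE_PREPARES` to `false` on the connection so the MySQL driver uses real server-side prepared statements rather than client-side quoting, and remember that placeholders can only stand in for values, not for table or column names, so anything of that kind still has to be checked against a whitelist in PHP.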