PDO

Questions about MySQL, PostgreSQL, and most other databases, as well as using them with PHP, can be asked here.

Moderator: General Moderators

theBond
Forum Newbie
Posts: 19
Joined: Thu Jul 17, 2008 7:46 pm

PDO

Post by theBond »

If I use PDO, can I skip using head-spinning security issues like checking for magic quotes, adding slashes, etc.?
ghurtado
Forum Contributor
Posts: 334
Joined: Wed Jul 23, 2008 12:19 pm

Re: PDO

Post by ghurtado »

Well, magic quotes are in no way related to PDO, since they are a global PHP setting, but unless you are using a really old version of PHP, you should not have to worry about them being on very often.

What PDO affords you is prepared statements as an alternative to manually escaping SQL, but you still have to understand the problem of user input in SQL in order to use prepared statements properly - even when using PDO there is the potential for SQL injection if you don't know what you are doing. In short: although you should be using it, PDO is no magic pill and will not allow you to "skip security issues".

Security comes from knowledge, experience and mindset, not from switching libraries.
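
The point made in the reply above, as an added example that is not part of the original thread or either poster's code: PDO with string concatenation next to a prepared statement, plus an allow-list for the one thing placeholders cannot bind (an identifier). The in-memory SQLite database (needs `pdo_sqlite`), the `users` table, the sample rows and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
    ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Still injectable: PDO is in use, but the input is pasted into the SQL text.
function findUnsafe(PDO $pdo, string $name): array
{
    return $pdo->query("SELECT name FROM users WHERE name = '$name'")
               ->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the input is sent as a bound value, never as SQL text.
function findSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Placeholders bind values only, so an identifier such as a sort column
// must be checked against a fixed allow-list before it reaches the query.
function listSorted(PDO $pdo, string $column): array
{
    $allowed = ['name', 'email'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException('Unsupported sort column');
    }
    return $pdo->query("SELECT name FROM users ORDER BY $column")
               ->fetchAll(PDO::FETCH_COLUMN);
}

$input = "nobody' OR '1'='1"; // constructed hostile input

var_dump(findUnsafe($pdo, $input)); // input is parsed as part of the WHERE clause
var_dump(findSafe($pdo, $input));   // input is compared as one literal string
var_dump(listSorted($pdo, 'email'));

try {
    listSorted($pdo, 'no_such_column'); // not on the allow-list
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```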