PDO
Posted: Fri Jul 25, 2008 11:26 am
by theBond
If I use PDO, can I skip head-spinning security issues like checking for magic quotes, adding slashes, etc.?
Re: PDO
Posted: Fri Jul 25, 2008 12:57 pm
by ghurtado
Well, magic quotes are in no way related to PDO, since they are a global PHP setting, but unless you are using a really old version of PHP, you should not have to worry about them being on very often.
What PDO affords you is prepared statements as an alternative to manually escaping SQL, but you still have to understand the problem of user input in SQL in order to use prepared statements properly - even when using PDO there is the potential for SQL injection if you don't know what you are doing. In short: although you should be using it, PDO is no magic pill and will not allow you to "skip security issues".
Security comes from knowledge, experience and mindset, not from switching libraries.
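The point above, illustrated as an added example (this is not code from either poster): the same lookup written with user input concatenated into the SQL text, then with a bound parameter, and finally the case placeholders cannot cover. The in-memory SQLite database, the `users` table and the hostile input string are all constructed here for the demonstration.

```php
<?php
// Added example, not from the original thread. Constructed in-memory SQLite
// database so the script runs stand-alone with nothing but the pdo_sqlite
// extension that ships with PHP.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
            ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Constructed hostile input: a tautology that rewrites the WHERE clause.
$input = "alice' OR '1'='1";

// 1. Vulnerable even though PDO is in use: the input is glued into the SQL
//    text, so by the time PDO sees the string the quote has already closed
//    the literal and the OR clause is part of the query. Every row matches.
function lookupUnsafe(PDO $pdo, string $name): array {
    $sql = "SELECT name FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// 2. Correct: a prepared statement with a bound parameter. The value travels
//    as data, never as SQL, so the whole payload is compared against the
//    name column as one literal string and matches nothing.
function lookupSafe(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// 3. What binding cannot do: identifiers (column and table names) and
//    keywords such as ASC/DESC are not values and cannot be parameters.
//    A user-chosen sort column therefore has to be checked against an
//    allow-list before it is interpolated; anything else falls back to a
//    fixed default rather than being trusted.
function sortedUsers(PDO $pdo, string $requestedColumn): array {
    $allowed = ['name', 'email'];                 // the only sortable columns
    $column  = in_array($requestedColumn, $allowed, true) ? $requestedColumn : 'name';
    $stmt = $pdo->query("SELECT name FROM users ORDER BY $column");
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo 'concatenated: ', json_encode(lookupUnsafe($pdo, $input)), PHP_EOL;
echo 'bound:        ', json_encode(lookupSafe($pdo, $input)), PHP_EOL;
echo 'allow-listed: ', json_encode(sortedUsers($pdo, 'email; DROP TABLE users')), PHP_EOL;
```

Run it with `php example.php`. The contrast between the first two functions is the whole argument of the reply: the library is the same, only the placement of the input differs. The third function is the part that still needs judgement after switching to PDO. Two related caveats worth knowing: on MySQL, `PDO::ATTR_EMULATE_PREPARES` defaults to client-side emulation, so setting it to `false` gets you genuine server-side prepares; and binding protects the query text only, so data read back out of the database still needs escaping for wherever it is rendered next (HTML, shell, another query).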