set PDO::ATTR_EMULATE_PREPARES to true or false?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
markthien
Forum Commoner
Posts: 33
Joined: Fri Feb 13, 2009 7:50 pm

set PDO::ATTR_EMULATE_PREPARES to true or false?

Post by markthien »

Hi guys,

I am using mysql 5.5 and php 5.3. I read this blog http://wezfurlong.org/blog/2006/apr/using-pdo-mysql/ saying that set it to true for better performance and etc. However, setting it to false can also prevent sql injection which describe here http://stackoverflow.com/questions/1314 ... statements.

If I wanna achieve both, what should I do ?

Cheers,
Mark
Post Reply