  1. #1
    Master Coder
    Join Date
    Apr 2003
    Location
    in my house
    Posts
    5,211
    Thanks
    39
    Thanked 201 Times in 197 Posts

    injection clarification please.

    Hi,

    Edit:
    I sorted it out by
    1. trying it
    2. checking the db connection only has select and insert options.


    My form passes a few field values to a processing script which inputs them to the MySQL db. One of those fields is a text message and the MySQL insert statement uses placeholders. Is that adequate for preventing the insertion of this as part of the text?

    Code:
    ; and delete table where 1
    Or do I need to 'regex out' the following: ; ' [ ] etc.?

    bazz
    Last edited by bazz; 03-05-2010 at 05:11 AM.
    "The day you stop learning is the day you become obsolete"! - my late Dad.

    Why do some people say "I don't know for sure"? If they don't know for sure then, they don't know!
    Useful MySQL resource
    Useful MySQL link
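
An added example, not part of the original post: it runs the two things the poster checked (placeholders, and a connection limited to select and insert) against the text from the question. Assumptions: an in-memory SQLite database stands in for MySQL, its authorizer callback stands in for an account granted only SELECT and INSERT, and the `messages` table and the second sample message are constructed for the demonstration.

```python
import sqlite3

# Constructed sample input: the text from the post, plus a quote-breaking variant.
MESSAGES = ["; and delete table where 1", "x'); DELETE FROM messages; --"]

# Actions a SELECT/INSERT-only account needs (assumption: SQLite's authorizer
# stands in for a MySQL account granted only SELECT and INSERT).
ALLOWED = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ,
           sqlite3.SQLITE_INSERT, sqlite3.SQLITE_TRANSACTION}

def select_insert_only(action, arg1, arg2, dbname, source):
    return sqlite3.SQLITE_OK if action in ALLOWED else sqlite3.SQLITE_DENY

def make_db(restricted):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
    if restricted:
        conn.set_authorizer(select_insert_only)
    return conn

def insert_with_placeholder(conn, text):
    # The value travels separately from the SQL text, so it is stored as data.
    conn.execute("INSERT INTO messages (body) VALUES (?)", (text,))

def insert_by_concatenation(conn, text):
    # Deliberately unsafe form for contrast: the value becomes part of the SQL.
    try:
        conn.executescript("INSERT INTO messages (body) VALUES ('" + text + "');")
        return "executed"
    except sqlite3.Error:
        return "blocked"

def stored(conn):
    return [r[0] for r in conn.execute("SELECT body FROM messages ORDER BY id")]

if __name__ == "__main__":
    for restricted in (False, True):
        conn = make_db(restricted)
        for m in MESSAGES:
            insert_with_placeholder(conn, m)
        print("restricted account:", restricted)
        print("  placeholders stored:", stored(conn))
        print("  concatenation:", insert_by_concatenation(conn, MESSAGES[1]),
              "-> rows left:", len(stored(conn)))
```

With placeholders both messages come back byte for byte, so no characters need to be stripped with a regex. The restricted connection only matters for the concatenated form, where it stops the second statement after the first has already run.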


 
