  1. #1

    injection clarification please.


    I sorted it out by
    1. trying it
    2. checking the db connection only has select and insert options.

    My form passes a few field values to a processing script which inputs them to the MySQL db. One of those fields is a text message and the MySQL insert statement uses placeholders. Is that adequate for preventing the insertion of this as part of the text

    ; and delete table where 1
    Or do I need to 'regex out' the following.. ; ' [ ] etc?

    Last edited by bazz; 03-05-2010 at 05:11 AM.
    "The day you stop learning is the day you become obsolete"! - my late Dad.

    Why do some people say "I don't know for sure"? If they don't know for sure then, they don't know!
    Useful MySQL resource
    Useful MySQL link
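
An added example, not part of the original post: it binds the text from the question, and a constructed message containing the `; ' [ ]` characters, through a placeholder and reads both back unchanged, then shows the same message spliced into the SQL string for contrast. It assumes an in-memory SQLite database as a stand-in for MySQL and a hypothetical `messages` table.

```python
import sqlite3

# Constructed sample inputs: the text from the post, plus a message
# containing the characters the post asks about.
SAMPLES = [
    "; and delete table where 1",
    "it's got ; ' [ ] etc",
]

def make_db():
    """In-memory SQLite stand-in for the MySQL table (table name is hypothetical)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
    return conn

def insert_with_placeholder(conn, body):
    # The SQL text is fixed; the driver passes `body` as a bound value, never as SQL.
    conn.execute("INSERT INTO messages (body) VALUES (?)", (body,))

def insert_with_concatenation(conn, body):
    # 'Before' form for contrast: the value is spliced into the SQL text,
    # so a quote inside the message changes how the statement is parsed.
    conn.execute("INSERT INTO messages (body) VALUES ('" + body + "')")

def run_demo():
    conn = make_db()
    for sample in SAMPLES:
        insert_with_placeholder(conn, sample)
    stored = [row[0] for row in conn.execute("SELECT body FROM messages ORDER BY id")]

    concat_error = None
    try:
        insert_with_concatenation(conn, SAMPLES[1])
    except sqlite3.Error as exc:
        concat_error = type(exc).__name__

    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    return stored, concat_error, tables

if __name__ == "__main__":
    stored, concat_error, tables = run_demo()
    print("stored verbatim:", stored == SAMPLES)
    print("concatenated insert failed with:", concat_error)
    print("tables still present:", tables)
```

With the placeholder, both messages are stored exactly as typed, so no characters need to be stripped from the text before the insert.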

