[GLLUG] Programming Project

Clay Dowling clay at lazarusid.com
Tue May 13 22:31:33 EDT 2008


Charles Ulrich wrote:
> While we're on the topic of programming, I have a general question for
> any PHP coders out there... how do _you_ deal with input sanitation?
> Is there a class or something that makes this straightforward or do
> you really have to carefully scrutinize every variable and SQL query
> because an automated process can never cover every contingency?
>   
Use parameterized queries.  The manual filtering functions are okay, but 
life gets a whole lot easier on a lot of fronts when you use 
parameterized queries.  Little Bobby Tables is recorded properly in the 
database and doesn't wipe out the rest of your data, for instance.

Clay
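As an added example for this thread (not code from Clay's post or from anyone on the list), here is what the advice looks like in PHP with PDO. It uses an in-memory SQLite database so it runs offline with no setup; the table name, the sample rows and the "Bobby Tables" input string are constructed for the demonstration.

```php
<?php
// Added example: PDO prepared statements versus string interpolation.
// Uses an in-memory SQLite database so it runs offline; the table and rows
// below are constructed sample data, not from any real application.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With MySQL you would also set PDO::ATTR_EMULATE_PREPARES to false so that
// binding is done by the server rather than by the PDO driver's own quoting.
$pdo->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO students (name) VALUES ('Alice'), ('Bob')");

// Constructed input: the "Little Bobby Tables" name from the xkcd strip.
$input = "Robert'); DROP TABLE students;--";

// 1. String interpolation: the input becomes part of the SQL text, so the
//    quote closes the literal and the remainder is parsed as SQL. This string
//    is only displayed here, never executed.
$unsafeSql = "INSERT INTO students (name) VALUES ('" . $input . "')";
echo "Interpolated SQL text (NOT executed):\n  $unsafeSql\n\n";

// 2. Parameterized query: the statement's shape is fixed at prepare() time
//    and the value is sent separately, so it can only ever be treated as data.
$stmt = $pdo->prepare('INSERT INTO students (name) VALUES (:name)');
$stmt->execute([':name' => $input]);

// Show that the name was stored verbatim and the table is still intact.
$count = (int) $pdo->query('SELECT COUNT(*) FROM students')->fetchColumn();
echo "Rows in students after the insert: $count\n";
foreach ($pdo->query('SELECT name FROM students ORDER BY id')->fetchAll(PDO::FETCH_COLUMN) as $name) {
    echo "  " . $name . "\n";
}

// Binding works the same way for reads; positional placeholders are fine too.
$lookup = $pdo->prepare('SELECT id FROM students WHERE name = ?');
$lookup->execute([$input]);
echo "Lookup of the literal name found id: " . $lookup->fetchColumn() . "\n";
```

The point of the last two queries is that the awkward name round-trips exactly: it is stored, counted and looked up as an ordinary string, which is what Clay means by "recorded properly in the database". Manual escaping can achieve the same result, but every query has to be checked individually, whereas with placeholders the separation of code and data is structural.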

