Securing your MySQL Queries with Sprintf
09-28-2007, 06:46 PM
Join Date: Sep 2007
That may be needed for older versions of MySQL, but as far as I know new versions require a query to be like this (I know my version of SQL requires it):
SELECT * FROM `table` WHERE `id` = 'value'
SELECT * FROM table WHERE id = value
The first way prevents SQL injection attacks so long as you clean the incoming data; ` and ' are escaped, leaving you with a safe query.
Posted by Village Idiot
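The two query forms from the post above, run side by side as an added example that is not part of the original thread. It assumes Python's built-in sqlite3 as an offline stand-in for MySQL (SQLite accepts backtick identifiers and escapes a quote by doubling it); the helper names, table rows and inputs are constructed for illustration.

```python
import sqlite3

def escape(value):
    # SQLite escapes a quote inside a string literal by doubling it;
    # MySQL client libraries provide their own escaping function for this.
    return str(value).replace("'", "''")

def make_db():
    # Constructed sample data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE `table` (`id` INTEGER, `name` TEXT)")
    db.executemany("INSERT INTO `table` VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def quoted(db, value):
    # First form from the post: escaped value placed inside quotes.
    sql = "SELECT * FROM `table` WHERE `id` = '%s'" % escape(value)
    return db.execute(sql).fetchall()

def unquoted(db, value):
    # Second form: same escaping, but nothing delimits the value.
    sql = "SELECT * FROM `table` WHERE `id` = %s" % escape(value)
    return db.execute(sql).fetchall()

def numeric(db, value):
    # sprintf-style %d: only an integer can reach the query text,
    # anything else raises ValueError before a query is built.
    sql = "SELECT * FROM `table` WHERE `id` = %d" % int(value)
    return db.execute(sql).fetchall()

def bound(db, value):
    # Placeholder binding: the value never becomes part of the SQL text.
    sql = "SELECT * FROM `table` WHERE `id` = ?"
    return db.execute(sql, (value,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(quoted(db, "1' OR '1'='1"))   # stays one string literal
    print(unquoted(db, "1 OR 1=1"))     # escaping has no quote to act on
    print(bound(db, "1 OR 1=1"))        # compared as data only
```

Escaping only protects a value that sits inside quotes; for a numeric column, the integer conversion or a bound placeholder gives the same guarantee without relying on the escaper.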