Yes, prepared statements protect from SQL injection because the "data"
is clearly separated from the SQL code, and MySQL knows what to do
with "data".
The rest of your code has absolutely NOTHING to do with SQL injection,
but with data validation and business logic.
On Thu, May 24, 2007 11:10 am, Jason Pruim <[EMAIL PROTECTED]> wrote:
Hi Everyone,
I think I have found a way to prevent SQL code injection into my
database and just wanted to get everyone's comments on my method.
Am I correct in thinking that I'm fairly
safe from the bad people and the stupid users?
You ne
Hi Everyone,
I think I have found a way to prevent SQL code injection into my
database and just wanted to get everyone's comments on my method.
if (!isset($_POST['FName']) || empty($_POST['FName']))
    $errmsg .= "Please enter your name";
if (!isset($_POST['LName']) || empty($_POST['LName']))
    $