phpLens
Topic: qstr
author: Michael   created: 22-06-2012 04:31:38 AM
Hello,
Is this good for preventing MySQL injections?

$sql = 'INSERT INTO table (value1,value2,value3,date) ';
$sql .= 'VALUES ('.$conn->qstr($value1).','.$conn->qstr($value2).','.$conn->qstr($value3).',NOW())';
if ($conn->Execute($sql) === false) {
    print 'error inserting: '.$conn->ErrorMsg();
}

or

$recordSet = $conn->Execute('SELECT * FROM table WHERE id = '.$conn->qstr($id).' LIMIT 1');

Thanks in advance,
Topic: Re:qstr
author: John Lim   created: 26-06-2012 03:59:34 AM
Your code is protected against SQL injection.

You can use qstr or bind variables. Both will stop SQL injection attacks.
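
The bind-variable form mentioned in this reply, next to the qstr() form from the question, as an added example that is not part of the original thread. It assumes ADOdb is available at the include path shown and uses an in-memory SQLite database so it runs without a MySQL server; the table name items and the sample inputs are constructed.

```php
<?php
// Added example, not code from the thread.
// Assumptions: ADOdb lives at the path below, PHP has the sqlite3 extension,
// and the table "items" is hypothetical.
require_once 'adodb5/adodb.inc.php';

$conn = ADONewConnection('sqlite3');
$conn->Connect(':memory:');                 // throwaway in-memory database
$conn->SetFetchMode(ADODB_FETCH_ASSOC);
$conn->Execute('CREATE TABLE items (id INTEGER PRIMARY KEY,
    value1 TEXT, value2 TEXT, value3 TEXT, date TEXT)');

// Constructed inputs: quotes that try to break out of the string literal.
$value1 = "x'); DROP TABLE items; --";
$value2 = 'plain';
$value3 = "O'Reilly";

// Bind variables: the SQL text is constant and the values travel separately.
// datetime('now') is SQLite's counterpart of the NOW() used in the question.
$sql = "INSERT INTO items (value1, value2, value3, date)
        VALUES (?, ?, ?, datetime('now'))";
if ($conn->Execute($sql, array($value1, $value2, $value3)) === false) {
    print 'error inserting: ' . $conn->ErrorMsg();
}

// The same row written with qstr(), as in the question.
$sql = 'INSERT INTO items (value1, value2, value3, date) VALUES ('
     . $conn->qstr($value1) . ',' . $conn->qstr($value2) . ','
     . $conn->qstr($value3) . ", datetime('now'))";
if ($conn->Execute($sql) === false) {
    print 'error inserting: ' . $conn->ErrorMsg();
}

// SELECT with a bound id; the cast keeps a numeric column numeric.
$id = '1 OR 1=1';                           // constructed input
$rs = $conn->Execute('SELECT * FROM items WHERE id = ? LIMIT 1',
                     array((int) $id));

// Both rows exist, the table survived, and the text was stored verbatim.
print 'rows: ' . $conn->GetOne('SELECT COUNT(*) FROM items') . "\n";
print 'stored verbatim: '
    . var_export(!$rs->EOF && $rs->fields['value1'] === $value1, true) . "\n";
```
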
Topic: Re:qstr
author: Michael   created: 26-06-2012 04:24:31 AM
Thank you, John