Just use stored Procedures

Story: Protecting your MySQL database from SQL injection attacks with GreenSQL
Total Replies: 4
Author Content
tracyanne

Aug 25, 2008
6:03 PM CST
and pass parameters, that gets rid of most of the means of SQL injection from the start. There isn't a lot else you need to do after that.
gus3

Aug 25, 2008
10:49 PM CST
Good advice. What's the earliest version of MySQL that supports stored procedures?

(Since I'm not a professional DB dev, I've never had reason to use them in my own development, so I don't know.)
herzeleid

Aug 25, 2008
11:13 PM CST
5.0 IIRC
jezuch

Aug 26, 2008
12:07 AM CST
If you don't have stored procedures, try prepared statements. And if you don't have prepared statements... Well, here's a nickel, get yourself a real programming language ;)
Sander_Marechal

Aug 26, 2008
1:22 AM CST
Just get a proper Database Abstraction layer. If you're writing SQL statements by hand YOU HAVE A BUG!
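
Added example, not part of any post in this thread: a MySQL sketch of the parameter-passing stored procedure the thread recommends, next to a procedure that builds dynamic SQL by concatenation (which stays injectable even though it is a stored procedure) and the placeholder form that fixes it. The `users` table, the procedure names, the `appdb` schema and the `webapp` account are hypothetical; `DELIMITER` is a `mysql` client command, and the syntax assumes MySQL 5.0.13 or later.

```sql
-- Constructed schema for illustration only.
CREATE TABLE users (
  id    INT AUTO_INCREMENT PRIMARY KEY,
  name  VARCHAR(64)  NOT NULL,
  email VARCHAR(128) NOT NULL
);

DELIMITER //

-- Static SQL: p_name is bound as a value and is never parsed as SQL.
CREATE PROCEDURE find_user(IN p_name VARCHAR(64))
BEGIN
  SELECT id, name, email FROM users WHERE name = p_name;
END //

-- Still injectable: the parameter is pasted into the statement text,
-- so a quote character inside p_name changes the query that is prepared.
CREATE PROCEDURE find_user_dynamic_unsafe(IN p_name VARCHAR(64))
BEGIN
  SET @sql = CONCAT('SELECT id, name, email FROM users WHERE name = ''',
                    p_name, '''');
  PREPARE stmt FROM @sql;
  EXECUTE stmt;
  DEALLOCATE PREPARE stmt;
END //

-- Dynamic SQL with a placeholder: the statement text is fixed and the
-- value is supplied separately through a user variable.
CREATE PROCEDURE find_user_dynamic_safe(IN p_name VARCHAR(64))
BEGIN
  SET @name = p_name;
  PREPARE stmt FROM 'SELECT id, name, email FROM users WHERE name = ?';
  EXECUTE stmt USING @name;
  DEALLOCATE PREPARE stmt;
END //

DELIMITER ;

-- Least privilege: the application account (assumed to exist) may call
-- the procedure but holds no direct SELECT/INSERT rights on the table.
GRANT EXECUTE ON PROCEDURE appdb.find_user TO 'webapp'@'localhost';

CALL find_user('alice');
```

The application side still has to bind the argument to `CALL find_user(?)` through its driver's prepared-statement API; concatenating user input into the `CALL` string reintroduces the same problem one layer up.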
