سؤال
People tend to get religious about picking the PDO database API over mysqli. Often you find questions regarding mysqli answered with statements like 'Forget mysqli, use PDO. Its the safe way'. So I follow along, getting a grasp of this PDO concept, preparing statements and binding them etc.
But what is the big deal? Why are people making this effort to use there database by this means? How is this safeguarding your application against SQL injections?
المحلول
PDO isn't a safeguard against SQL injection. You can still write utterly dangerous injectable queries all you want in PDO, and PDO won't care.
What PDO does is provide TOOLS that allow you to write queries safely.
But don't go blame PDO if it providers a safe hammer, and then you go on using your forehead to drive in some nails. PDO did its job and provided the tools, you're the one with nail holes in your skull.
https://stackoverflow.com/questions/23616400
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian