Is SQL injection more prone in plain PHP code in opposite to a PHP framework? [closed]

https://stackoverflow.com/questions/22472215

16-06-2023
|

Question

Closed. This question is opinion-based. It is not currently accepting answers.

Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.

Closed 9 years ago.

Improve this question

I'm using plain PHP code than an PHP/MVC framework.

I want to know, is plain PHP code more prone to SQL injection than using a PHP/MVC framework?

Solution 2

You should use mysql_real_escape_string for escaping string input parameters in a query. Use type casting to sanitize numeric parameters and whitelisting to sanitize identifiers.

A better solution would be to use prepared statements, you can do this by using PDO or mysqli.

OTHER TIPS

Plain PHP isn't more vulnerable to SQL Injection, when you know how to program it. PHP MVC Frameworks are just plain PHP aswell, written by other humans like you :).

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow