Variable binding in PHP ADOdb
09-06-2019
Question
Does ADOdb do data sanitization or escaping within the same functionality by default? Or am I just confusing it with CodeIgniter's built-in processes?
Does binding variables to parameters in ADOdb for PHP prevent SQL injection in any way?
Solution
Correct - bound parameters are not vulnerable to SQL injection attacks.
OTHER TIPS
Yes, you pass the array of parameters.
$rs = $db->Execute('select * from table where val=?', array('10'));
Rest of their docs can be found here:
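Added example (not part of the original answers and not ADOdb's own code): the same lookup done by string concatenation and by the bound-parameter form shown above, run against constructed hostile input. It assumes ADOdb is installed at the path shown and PHP's sqlite3 extension is loaded; the `items` table and its columns are hypothetical.

```php
<?php
// Assumption: path to the ADOdb library; adjust to your install.
require_once 'adodb/adodb.inc.php';

$db = ADONewConnection('sqlite3');
$db->Connect(':memory:');   // throwaway in-memory database

// Hypothetical table with three constructed rows.
$db->Execute('CREATE TABLE items (id INTEGER PRIMARY KEY, val TEXT)');
foreach (['10', '20', '30'] as $v) {
    $db->Execute('INSERT INTO items (val) VALUES (?)', array($v));
}

// Constructed hostile input that tries to widen the WHERE clause.
$input = "10' OR '1'='1";

// Unsafe: the input is spliced into the SQL text, so its quotes and
// keywords are parsed as part of the statement.
$unsafe = $db->GetAll("SELECT id, val FROM items WHERE val='" . $input . "'");

// Safe: the input is passed as a bound value and is only ever compared
// as data against the val column.
$safe = $db->GetAll('SELECT id, val FROM items WHERE val=?', array($input));

printf("concatenated query: %d row(s)\n", count($unsafe));
printf("bound query:        %d row(s)\n", count($safe));

// Binding covers values only. Identifiers such as a sort column cannot be
// bound, so check them against an allow-list before building the SQL.
$requestedSort = 'id; --';              // constructed untrusted value
$allowedSort   = ['id', 'val'];
$sort = in_array($requestedSort, $allowedSort, true) ? $requestedSort : 'id';

$rows = $db->GetAll("SELECT id, val FROM items WHERE val<>? ORDER BY $sort",
                    array('20'));
printf("sorted by %s:       %d row(s)\n", $sort, count($rows));
```

The two row counts show the difference: the concatenated statement matches rows the caller never asked for, while the bound statement looks for the literal string and nothing else.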
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow