Is SQL injection more prone in plain PHP code in opposite to a PHP framework? [closed]

Question

Closed. This question is opinion-based. It is not currently accepting answers.

---

Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.

Closed 9 years ago.

Improve this question

I'm using plain PHP code than an PHP/MVC framework.

I want to know, is plain PHP code more prone to SQL injection than using a PHP/MVC framework?

Answer 1

You should use mysql_real_escape_string for escaping string input parameters in a query. Use type casting to sanitize numeric parameters and whitelisting to sanitize identifiers.

A better solution would be to use prepared statements, you can do this by using PDO or mysqli.

Answer 2

Plain PHP isn't more vulnerable to SQL Injection, when you know how to program it. PHP MVC Frameworks are just plain PHP aswell, written by other humans like you :).