Is this PDO code safe enough from SQL injection?

This question already has an answer here:

  • Are PDO prepared statements sufficient to prevent SQL injection? 7 answers

  • If you use only prepared statements as in your code above, you are secure. There are AFAIK no other possibilities to hack your site with SQL injections.

    The prepared statements encapsulate the data from the commands, so no content can be executed as part of a SQL statement.


    Yes, prepared queries are generally near-100% safe from SQL injections. However, I would recommend also passing in the data_type argument to PDO::bindParam().

    See: Are Prepared Queries 100% Safe Against SQL Injections


    Yes, this PDO code is safe enough from SQL injection.
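
The typed binding recommended in the answers above, as an added example that is not part of the original thread or the asker's code. It assumes an in-memory SQLite database; the `users` table, its rows, the `findUser()` helper and the sample inputs are all constructed for illustration.

```php
<?php
// Added example: in-memory SQLite so it runs offline. Table, rows and inputs are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

/**
 * Hypothetical helper: look up a user by id and name with typed, bound parameters.
 */
function findUser(PDO $pdo, $id, $name): array
{
    // Reject a non-integer id up front instead of relying on a driver-side cast.
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];
    }
    // The SQL text is fixed; user input only ever travels through the placeholders.
    $stmt = $pdo->prepare('SELECT id, name, role FROM users WHERE id = :id AND name = :name');
    // bindParam() binds by reference and reads the variable at execute() time.
    // The third argument is the data_type the answer refers to.
    $stmt->bindParam(':id', $id, PDO::PARAM_INT);
    $stmt->bindParam(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one normal lookup, then two values that contain SQL syntax.
$cases = [
    [1, 'alice'],
    ['1 OR 1=1', 'alice'],
    [1, "alice' OR '1'='1"],
];
foreach ($cases as [$id, $name]) {
    $rows = findUser($pdo, $id, $name);
    printf("id=%s name=%s -> %d row(s)\n", var_export($id, true), var_export($name, true), count($rows));
}
```

Only the first lookup matches a row: the other two values are compared as data against the `id` and `name` columns and never become part of the statement text.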
