I think what Matt is saying is pretty standard.

Basically you should format your SQL to use things like
Prepare mysqlstmt as "select ... where mycolumn is > ? and < ?"
Execute mysqlstmt using :hostvariable1, :hostvariable2

You should NOT do
Prepare mysqlstmt as "..." concat :whateverTheUserTypedIn concat...
Execute mysqlstmt

as the latter is where you'll get hit with SQL injection attacks.

Rob Berendt
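The two styles Rob contrasts, as an added example that is not part of the original post or the midrange.com archive. It uses Python's sqlite3 with a constructed in-memory table in place of embedded SQL with host variables; sqlite3's `?` markers play the same role as the `?` markers in the prepared statement above.

```python
"""Added example: string-concatenated SQL beside a parameterized query."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a small table with one numeric column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mytable (id INTEGER, mycolumn INTEGER)")
    conn.executemany("INSERT INTO mytable VALUES (?, ?)",
                     [(1, 5), (2, 15), (3, 25), (4, 35)])
    return conn


def range_query_unsafe(conn: sqlite3.Connection, low: str, high: str) -> list:
    """The 'concat whatever the user typed in' pattern.

    The user's text is spliced into the statement, so it is parsed as SQL
    rather than treated as a value.
    """
    sql = ("SELECT id FROM mytable WHERE mycolumn > " + low
           + " AND mycolumn < " + high + " ORDER BY id")
    return [row[0] for row in conn.execute(sql)]


def range_query_safe(conn: sqlite3.Connection, low: str, high: str) -> list:
    """The prepare-with-markers / execute-with-host-variables pattern.

    The statement text is fixed; low and high are bound as data, so whatever
    the user typed can only ever be compared against mycolumn, never parsed.
    """
    sql = ("SELECT id FROM mytable WHERE mycolumn > ? AND mycolumn < ? "
           "ORDER BY id")
    return [row[0] for row in conn.execute(sql, (low, high))]


if __name__ == "__main__":
    db = make_db()
    # Well-formed input: both styles return the same rows.
    print(range_query_unsafe(db, "10", "30"), range_query_safe(db, "10", "30"))
    # Input that is not a number: the concatenated query's WHERE clause is
    # rewritten and returns every row; the bound parameter matches nothing.
    print(range_query_unsafe(db, "0 or 1=1", "30"),
          range_query_safe(db, "0 or 1=1", "30"))
```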
