[phpGroupWare-developers] Security: PDO for db-class is preventing sql-injections

[Sigurd Nes]

Sigurd Nes wrote:
> Any interest in the super-quick PDO-version of the db-class?
> http://savannah.gnu.org/patch/index.php?6572
Follow up:
Looks like PDO is preventing sql-injections as it does not allows multiple 
statementents in a single query.

Example:
'SELECT * FROM table1; DELETE FROM table2' - will fail with a 'cannot insert 
multiple commands into a prepared statement' even though it is not a prepared 
statement.


Regards

Sigurd