From: Sigurd Nes
Subject: [phpGroupWare-developers] Security: PDO for db-class is preventing sql-injections
Date: Tue, 19 Aug 2008 18:44:26 +0200
User-agent: Thunderbird 2.0.0.16 (X11/20080725)

Sigurd Nes wrote:
> Any interest in the super-quick PDO-version of the db-class? http://savannah.gnu.org/patch/index.php?6572

Follow up: Looks like PDO is preventing sql-injections as it does not allow multiple statements in a single query.

Example: 'SELECT * FROM table1; DELETE FROM table2' - will fail with a 'cannot insert multiple commands into a prepared statement' even though it is not a prepared statement.

Regards Sigurd
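
Editor's added example, not part of the original message and not phpGroupWare code: the error quoted above concerns stacked statements, so this sketch covers the other case, a single statement built by concatenation, next to the same lookup with a bound parameter. The `accounts` table, its rows, the function names and the input string are constructed for illustration; it assumes the `pdo_sqlite` extension so that it runs offline against an in-memory database.

```php
<?php
// Added illustration; table, rows and function names are hypothetical.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, login TEXT)');
    $db->exec("INSERT INTO accounts (login) VALUES ('alice')");
    $db->exec("INSERT INTO accounts (login) VALUES ('bob')");
    return $db;
}

// Before: the value becomes part of the SQL text. The driver still sees
// exactly one statement, so a multiple-statement check has nothing to reject.
function find_concat(PDO $db, string $login): array
{
    $sql = "SELECT login FROM accounts WHERE login = '" . $login . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the value is bound as a parameter and is only ever compared as data,
// whatever quotes or semicolons it contains.
function find_bound(PDO $db, string $login): array
{
    $stmt = $db->prepare('SELECT login FROM accounts WHERE login = :login');
    $stmt->execute([':login' => $login]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = open_demo_db();

// Constructed input: no semicolon, no second statement.
$input = "nobody' OR '1'='1";

echo "concatenated: ", json_encode(find_concat($db, $input)), "\n";
echo "bound:        ", json_encode(find_bound($db, $input)), "\n";

// The string from the message, passed as a bound value, is just a login
// that matches nothing; the table is left untouched.
$stacked = "x'; DELETE FROM accounts";
echo "bound, stacked input: ", json_encode(find_bound($db, $stacked)), "\n";
echo "rows remaining: ", $db->query('SELECT COUNT(*) FROM accounts')->fetchColumn(), "\n";
```

With the constructed input, `find_concat` returns both logins while `find_bound` returns an empty array, and the row count stays at 2 after the last call.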