Friday, July 22, 2016
Should I use the addslashes function when using PDO?
I heard that PDO defends against injection attacks automatically.
So, I can make a query without the ' mark.
Then, should I use the addslashes function when I am using PDO?
I mean...
<?php
$s = $d->prepare("SELECT * FROM `table` WHERE `no`=:n");
$s->bindParam(":n", $data);
$data = $_GET["param"];
$s->execute();
?>
or
<?php
$s = $d->prepare("SELECT * FROM `table` WHERE `no`=:n");
$s->bindParam(":n", $data);
$data = addslashes($_GET["param"]);
$s->execute();
?>
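The two variants in the question can be compared side by side. This is an added example, not part of the original post: it assumes the pdo_sqlite extension, an in-memory database, and a hypothetical table `t` and helper `lookup()`, with a constructed string standing in for `$_GET["param"]`.

```php
<?php
// Added example: constructed data in an in-memory SQLite database.
// The table `t` and the helper lookup() are hypothetical, not from the post.
$d = new PDO('sqlite::memory:');
$d->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$d->exec("CREATE TABLE t (`no` TEXT, note TEXT)");
$d->exec("INSERT INTO t VALUES ('O''Brien', 'row with a quote'), ('42', 'plain row')");

// Same query shape as in the question: the value travels as a bound
// parameter and is never concatenated into the SQL text.
function lookup(PDO $d, string $value): array
{
    $s = $d->prepare("SELECT note FROM t WHERE `no` = :n");
    $s->bindValue(":n", $value, PDO::PARAM_STR);
    $s->execute();
    return $s->fetchAll(PDO::FETCH_COLUMN);
}

$input = "O'Brien"; // constructed stand-in for $_GET["param"]

// Variant 1: bind the raw value.
$raw = lookup($d, $input);

// Variant 2: run addslashes() first, then bind the result.
$slashed = lookup($d, addslashes($input));

// A value shaped like SQL syntax, bound as a parameter like any other string.
$sqlShaped = lookup($d, "42' OR '1'='1");

var_dump($raw, $slashed, $sqlShaped);
```

The first lookup matches the stored row; the second matches nothing, because addslashes() turned the value into O\'Brien and the backslash is compared literally. The third also matches nothing, since the whole string is compared as data against the `no` column.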