Thread: Secure Coding
Old 19-07-2010, 10:15   #9
Damien
Re: Secure Coding

Quote:
Originally Posted by punky
Parameterised queries are unique to ASP.NET.
Don't think they are. Admittedly .NET has the best support for it I have yet seen. They are usually handled via database abstraction layers depending on the database outside of a .NET stack. I think PHP has had it since PHP 5. Although you seem to need a newer version of MySQL. Worth it though. Parametrised Queries rock.

http://www.php.net/manual/en/mysqli-stmt.bind-param.php

Quote:
ASP.NET has a lot of built-in protection (it even prevents HTML/script tags from being entered as a parameter by default) but PHP has none. You have to do it yourself.
Yup. More Microsoft awesomeness. Although MVC takes a lot of this away as it's a far less abstracted framework so it's not always the case.
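Added example, not part of the post above: parameterised queries outside a .NET stack, shown next to a string-concatenated query. It uses Python's built-in sqlite3 as a stand-in so it runs without a database server; the mysqli bind_param call linked in the post binds values to placeholders in the same way. The table, rows and function names are constructed for the illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    # Even the seed data goes in through placeholders, apostrophe included.
    conn.executemany(
        "INSERT INTO users (name) VALUES (?)",
        [("alice",), ("bob",), ("O'Brien",)],
    )
    return conn


def lookup_concatenated(conn, name):
    """Weak form: input is spliced into the SQL text before it is parsed."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterised(conn, name):
    """Hardened form: fixed statement text, input bound as a value."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


# Constructed input whose quotes rewrite the WHERE clause when concatenated.
HOSTILE = "nobody' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("concatenated, hostile input: ", lookup_concatenated(conn, HOSTILE))
    print("parameterised, hostile input:", lookup_parameterised(conn, HOSTILE))
    # A legitimate name with an apostrophe also breaks the concatenated form.
    try:
        lookup_concatenated(conn, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("concatenated, O'Brien: SQL error:", exc)
    print("parameterised, O'Brien:", lookup_parameterised(conn, "O'Brien"))
```

The concatenated lookup returns every row for the hostile input and fails outright on an ordinary apostrophe, while the bound version treats both strings as plain values.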