Thread: Secure Coding
Old 19-07-2010, 10:34   #10
punky
Inactive
 
Join Date: Jun 2003
Age: 44
Posts: 14,750
Re: Secure Coding

Quote:
Originally Posted by Damien View Post
Don't think they are. Admittedly .Net has the best support for it I have yet seen. They are usually handled via database abstraction layers depending on the database outside of a .Net stack. I think PHP has had it since PHP 5. Although you seem to need a newer version of MySQL. Worth it though. Parametrised Queries rock.

http://www.php.net/manual/en/mysqli-stmt.bind-param.php
Admittedly I don't use MySQLi extensions but it doesn't actually say in that doc that it sanitises input like ASP.NET. So it might just be a glorified String.Format function.

Speaking of data abstraction, Zend Framework does sanitise input via factory queries but it shouldn't be assumed they all do.
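To settle the "glorified String.Format" question, here is an added example (not from the thread) that puts a sprintf-built query next to a mysqli prepared statement. The SQL template of a prepared statement is parsed by the server before any value is attached, and bind_param() ships the value afterwards as a typed parameter, so it is never read as SQL text; nothing is escaped or sanitised, the value simply never becomes part of the statement. Connection credentials and the users table (id, email, username) are placeholders assumed for the example.

```php
<?php
// Added example, not code from the thread. Connection details are placeholders.
mysqli_report(MYSQLI_REPORT_OFF);   // return false on error instead of throwing (PHP 8.1+ default throws)
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
if ($db->connect_error) {
    die('Connection failed: ' . $db->connect_error);
}

// Constructed sample input: an ordinary name containing a quote character.
$username = "O'Brien";

// 1. String formatting: the value is spliced into the SQL text, so the server
//    parses whatever it contains as SQL. Here the apostrophe terminates the
//    string literal and the query is malformed; with hostile input the same
//    mechanism is an injection. Escaping would have to be done by hand.
$unsafe = sprintf("SELECT id, email FROM users WHERE username = '%s'", $username);
$result = $db->query($unsafe);
if ($result === false) {
    echo "String-formatted query failed: " . $db->error . "\n";
}

// 2. Prepared statement: the template (with a ? placeholder) is sent and parsed
//    first, with no user data in it. bind_param() then sends the value separately
//    as a string parameter, so the quote is just data. No sanitising is involved.
$stmt = $db->prepare("SELECT id, email FROM users WHERE username = ?");
if ($stmt === false) {
    die('Prepare failed: ' . $db->error);
}
$stmt->bind_param('s', $username);   // 's' = bind this value as a string
$stmt->execute();
$stmt->bind_result($id, $email);
while ($stmt->fetch()) {
    printf("%d %s\n", $id, $email);  // rows for the user literally named O'Brien
}
$stmt->close();
$db->close();
```

The placeholder can only stand in for a value, not for an identifier or keyword (table or column names, ORDER BY direction), so those parts of a query still need an allow-list on the application side.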