PHP Classes

Does not use bind parameters.


Subject: Does not use bind parameters.
Summary: Package rating comment
Messages: 2
Author: per
Date: 2014-02-21 22:10:55
Update: 2014-02-21 22:29:02
 

per rated this package as follows:

Utility: Insufficient
Consistency: Sufficient
Documentation: Sufficient
Examples: Sufficient

  1. Does not use bind parameters.
per - 2014-02-21 22:10:55
Does not use bind parameters. Although the SQL query is textually escaped, we all know this was insufficient in 2006, and it's just plain reckless to not use parameter binding.

  2. Re: Does not use bind parameters.
per - 2014-02-21 22:29:02 - In reply to message 1 from per
I do appreciate a CRUD generator. This code is currently unsuitable for exposure to an internet-facing server. Even though you escape your string, I could still give you the variable like... $safe_escaped = '1 UNION SELECT password FROM users'. Or use crazy combinations of concat, char, hex, and unhex to manually write out my command without your escaped slashes.
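
An added example, not part of the thread or of the package's code: it runs the value quoted in message 2 through an escape-only query and through a bound parameter, using an in-memory SQLite database via PDO. The table layout, the rows, the function names and the use of addslashes() as a stand-in for the package's escaping are assumptions made for illustration.

```php
<?php
// Constructed sample schema and rows (assumptions, not the package's schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password TEXT)');
$pdo->exec("INSERT INTO items (id, name) VALUES (1, 'widget')");
$pdo->exec("INSERT INTO users (id, password) VALUES (1, 'constructed-secret')");

// Escape-only pattern: the value is escaped, then concatenated into an
// unquoted numeric context. Escaping only rewrites quotes and backslashes,
// so a value that contains neither passes through unchanged and the
// database parses it as SQL syntax.
function findEscaped(PDO $pdo, string $id): array
{
    $escaped = addslashes($id); // hypothetical stand-in for textual escaping
    $sql = "SELECT name FROM items WHERE id = $escaped";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameter: the statement text is fixed at prepare time and the
// value is sent separately, so it can only ever be compared as data.
function findBound(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Defence in depth: reject anything that is not an integer before querying.
function findValidated(PDO $pdo, string $id): array
{
    $int = filter_var($id, FILTER_VALIDATE_INT);
    if ($int === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    return findBound($pdo, (string) $int);
}

$fromThread = '1 UNION SELECT password FROM users'; // value from message 2
$legit = '1';

var_export(findEscaped($pdo, $fromThread)); // rows from users leak into the result
var_export(findBound($pdo, $fromThread));   // no item has this literal as its id
var_export(findBound($pdo, $legit));        // normal lookup still works
```

Comparing the first two var_export() results shows the difference the thread describes: the escaped query returns a row from the users table, while the bound query returns nothing for the same input.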