Wednesday, 2 May 2018

Need help understanding this MySQL module and how it behaves regarding security in relation to PHP's database interactivity

Hey guys, looking for somebody who uses this module to explain something: https://ift.tt/2reXYAw

Would like to implement it in a forum project since easy MySQL integration is the only thing keeping me to PHP. However, this module's FAQ doesn't seem to mention anything about query sanitisation. Am I correct in assuming then not to use this in the real world at all, since a malicious user could execute SQL queries through an input form that is linked to the database?

PHP has taken all sorts of action over the years to protect against SQL injection, such as mysqli_real_escape_string() and prepared statements. This Node.js MySQL module's FAQ says in its todo section that they are working on prepared statements. So should I just keep on with PHP for a little while longer until that feature is implemented? Or is there protection already against any old user submitting raw SQL code and having it be executed without trouble?

Submitted May 02, 2018 at 04:05PM by koenigsforst
