http://www.logris.org/security Security and programming, "book" of. Mon, 15 Mar 2010 11:54:54 +0000 http://wordpress.org/?v=2.5 http://www.logris.org/security/escaping-is-not-a-security-measure#comment-91 Peter Maxwell Sat, 20 Sep 2008 02:36:19 +0000 http://www.logris.org/security/?p=5#comment-91 The only way I've really been comfortable with user supplied input in SQL queries is using bind-variables. I'd used PHP's PDO extension (with Oracle at the time). Don't know what anyone elses views are on this though. The only way I’ve really been comfortable with user supplied input in SQL queries is using bind-variables. I’d used PHP’s PDO extension (with Oracle at the time). Don’t know what anyone elses views are on this though.

]]>