Does ADOdb do data sanitation or escaping within the same functionality by default? Or am I just confusing it with Code Igniter's built-in processes?
Does binding variables to parameters in ADOdb for PHP prevent SQL injection in any way?
Asked
Active
Viewed 7,283 times
2 Answers
4
yes, you pass the array of parameters.
$rs = $db->Execute('select * from table where val=?', array('10'));
Rest of their docs can be found here:
daniel__
- 11,633
- 15
- 64
- 91
Brendon-Van-Heyzen
- 2,493
- 2
- 24
- 23
2
Correct - bound parameters are not vulnerable to SQL injection attacks.
Peter Bailey
- 105,256
- 31
- 182
- 206
-
He meant specifically the adodb-php library. – Pacerier Jun 27 '15 at 00:41