[Phpwm] Phpwm Digest, Vol 182, Issue 2
David Goodwin
david at codepoets.co.uk
Tue Oct 13 19:16:41 UTC 2009
>
> With regard to SQL Injection this does not really matter with a simple php
> to email form? only when the form details are being sent to a database.
Indeed. SQL Injection can only occur where you embed variables within
a string which is passed to the SQL server.
Where possible, use prepared statements or some sort of ORM layer to
remove the requirement to explicitly sanitise data.
thanks
David.
--
David Goodwin
[ david at codepoets dot co dot uk ]
[ http://www.codepoets.co.uk ]
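To make the point in the reply above concrete, here is an added example (not code from the thread or from the Phpwm list) showing the two approaches side by side in PHP: the variable embedded directly in the SQL string, and the same insert done with a PDO prepared statement. It uses an in-memory SQLite database so it runs offline; the `contacts` table, the column names and the sample form values are constructed for this example.

```php
<?php
// Added example (not from the original thread): the difference between
// embedding a variable in the SQL string and binding it as a parameter.
// PDO with an in-memory SQLite database so it runs offline; the table and
// the sample form values below are constructed for this example.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Stand-ins for $_POST['name'] and $_POST['email'] from a contact form.
// The apostrophe in the name is the whole point of the demonstration.
$name  = "O'Brien";
$email = 'obrien@example.invalid';

// 1. Variable embedded in the SQL string: the value becomes part of the SQL
//    text, so whatever the user typed is parsed as SQL. With this input the
//    statement simply breaks; in general the query is no longer under the
//    application's control.
try {
    $pdo->exec("INSERT INTO contacts (name, email) VALUES ('$name', '$email')");
    echo "Concatenated query ran (it should not have with this input)" . PHP_EOL;
} catch (PDOException $e) {
    echo 'Concatenated query failed: ' . $e->getMessage() . PHP_EOL;
}

// 2. Prepared statement: the SQL text is fixed before any value is seen and
//    the values travel separately, so they are never parsed as SQL and no
//    manual escaping is needed.
$stmt = $pdo->prepare('INSERT INTO contacts (name, email) VALUES (:name, :email)');
$stmt->execute([':name' => $name, ':email' => $email]);

$row = $pdo->query('SELECT name, email FROM contacts')->fetch(PDO::FETCH_ASSOC);
echo 'Stored via prepared statement: ' . $row['name'] . ' <' . $row['email'] . '>' . PHP_EOL;
```

Run it with `php example.php` (the `pdo_sqlite` extension must be enabled). The first attempt raises a syntax error because the quote in the name terminates the string literal early; the prepared statement stores the name intact. The same distinction applies to any database driver PDO supports, which is why binding parameters is preferable to escaping by hand.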