[Phpwm] Phpwm Digest, Vol 182, Issue 2

David Goodwin david at codepoets.co.uk
Tue Oct 13 19:16:41 UTC 2009


>  
> With regard to SQL Injection this does not really matter with a simple PHP  
> to-email form? Only when the form details are being sent to a database.

Indeed. SQL Injection can only occur where you embed variables within
a string which is passed to the SQL server.

Where possible, use prepared statements or some sort of ORM layer to
remove the requirement to explicitly sanitise data.

Thanks,
David.


-- 
David Goodwin 

[ david at codepoets dot co dot uk ]
[ http://www.codepoets.co.uk       ]
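As an added illustration of the point made above (example code, not from the original thread or from the poster), the following PHP script puts the two approaches side by side: a query built by string concatenation and the same query as a PDO prepared statement. It uses an in-memory SQLite database so it runs offline; the `users` table, its two rows and the form input `$input` are all constructed here for the demonstration.

```php
<?php
// Added example, not from the original mailing-list thread.
// In-memory SQLite via PDO so the script runs stand-alone; the table,
// its rows and the "form input" below are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');
$db->exec("INSERT INTO users (email) VALUES ('alice@example.com'), ('bob@example.com')");

// Vulnerable pattern: the submitted value is embedded in the SQL string,
// so any quote character in it becomes part of the query's syntax.
function findUserUnsafe(PDO $db, string $email): array
{
    $sql = "SELECT id, email FROM users WHERE email = '" . $email . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the SQL text is fixed at prepare() time and the value
// is sent separately as a bound parameter, so it can only ever be data.
function findUserSafe(PDO $db, string $email): array
{
    $stmt = $db->prepare('SELECT id, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed form value: it contains a single quote followed by an extra
// boolean clause, the shape of input a form handler must expect to receive.
$input = "x' OR '1'='1";

printf("unsafe query returned %d row(s)\n", count(findUserUnsafe($db, $input)));
printf("prepared statement returned %d row(s)\n", count(findUserSafe($db, $input)));
```

With the concatenated query the quote in `$input` closes the string literal early and the appended clause is evaluated as SQL, so every row comes back; the prepared statement searches for the literal string `x' OR '1'='1` as an e-mail address and returns nothing. The defensive lesson matches the advice above: bind values instead of escaping them by hand, and the question of which characters need sanitising disappears from the SQL path entirely.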


