[RESOLVED] PDO Security Question
Basically I have not been able to find anything stating otherwise than that
executing with the parameters included is equal to
executing with the parameters defined in bindParam(), security-wise.
$sth->bindParam(1, $var1, PDO::PARAM_INT);
$sth->bindParam(2, $var2, PDO::PARAM_STR, 12);
Using bindParam seems more secure to me because it defines the data type (like PDO::PARAM_INT).
Can anyone clarify if either is superior to the other in security? Please and thanks.
Last edited by Nvenom; 08-03-2012 at 05:42 AM.
I don't think it makes a difference security-wise (SQL injection will be prevented in either case), though it may help prevent/detect programming errors.
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
Okay, thanks for the reply.
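Added example, not code from the thread: the two binding styles from the question, run against a constructed in-memory SQLite table with a constructed hostile input, printing the type the database received and the rows returned for each style. It assumes the pdo_sqlite extension is loaded; the table, the rows and the helper name run() are made up for the illustration.

```php
<?php
// Added example. Constructed table and rows; in-memory SQLite (assumes pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed hostile input: would match every row if concatenated into the SQL text.
$input = '1 OR 1=1';

// Hypothetical helper: prepare, let the caller bind and execute, return one column.
function run(PDO $pdo, string $sql, callable $bindAndExecute): array
{
    $sth = $pdo->prepare($sql);
    $bindAndExecute($sth);
    return $sth->fetchAll(PDO::FETCH_COLUMN);
}

$styles = [
    // Style 1: values handed to execute(). PDO treats each one as PDO::PARAM_STR.
    'execute([$v])' => function (PDOStatement $sth) use ($input) {
        $sth->execute([$input]);
    },
    // Style 2: bindParam() with an explicit type. bindParam() binds by reference and
    // pdo_sqlite converts a PDO::PARAM_INT value to an integer, so bind a local copy.
    'bindParam(PARAM_INT)' => function (PDOStatement $sth) use ($input) {
        $v = $input;
        $sth->bindParam(1, $v, PDO::PARAM_INT);
        $sth->execute();
    },
];

// In both styles the input travels as a bound value, never as SQL text, so the
// "OR 1=1" part cannot change the WHERE clause. What differs is the bound type.
foreach ($styles as $label => $bindAndExecute) {
    $type = run($pdo, 'SELECT typeof(?)', $bindAndExecute);
    $rows = run($pdo, 'SELECT name FROM users WHERE id = ?', $bindAndExecute);
    echo $label, ': bound as ', json_encode($type),
         ', rows ', json_encode($rows), PHP_EOL;
}

// The table is untouched after both runs.
echo 'rows in table: ', $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn(), PHP_EOL;
```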