www.webdeveloper.com

Thread: [RESOLVED] PDO Security Question

  1. #1
    Join Date
    May 2011
    Location
    With Hobbits
    Posts
    125

    [RESOLVED] PDO Security Question

    Howdy

    Basically I have not been able to find anything stating otherwise that

    PHP Code:
    $sth->execute(array($var1, $var2));
    Executing with the parameters included is equal to

    PHP Code:
    $sth->bindParam(1, $var1, PDO::PARAM_INT);
    $sth->bindParam(2, $var2, PDO::PARAM_STR, 12);
    $sth->execute();
    Executing with the parameters defined in bindParam(), security-wise.

    Using bindParam seems more secure to me because it defines the data type (like PDO::PARAM_INT).

    Can anyone clarify if either is superior to the other in security? Please and thanks.
    Last edited by Nvenom; 08-03-2012 at 05:42 AM.

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,637
    I don't think it makes a difference security-wise (SQL injection will be prevented in either case), though it may help prevent/detect programming errors.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    May 2011
    Location
    With Hobbits
    Posts
    125
    Okay, Thanks for the reply
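
The comparison discussed in this thread, as an added example that is not code from any of the posters. It runs both binding styles against a constructed in-memory SQLite table (assumes the pdo_sqlite extension; the table, rows, input string and function names are made up for illustration) and shows that a hostile string is compared as plain data either way, while the type the driver binds differs.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// the table, rows and input string below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Style 1 from the question: values handed to execute().
// PDO binds every element of the array as PDO::PARAM_STR.
function idsViaExecute(PDO $pdo, $name): array
{
    $sth = $pdo->prepare('SELECT id FROM users WHERE name = ?');
    $sth->execute(array($name));
    return $sth->fetchAll(PDO::FETCH_COLUMN);
}

// Style 2 from the question: explicit bindParam() with a declared type.
function idsViaBindParam(PDO $pdo, $name): array
{
    $sth = $pdo->prepare('SELECT id FROM users WHERE name = ?');
    $sth->bindParam(1, $name, PDO::PARAM_STR);
    $sth->execute();
    return $sth->fetchAll(PDO::FETCH_COLUMN);
}

// Reports the storage type SQLite sees for a bound value under each style.
function boundTypes(PDO $pdo, int $value): array
{
    $sth = $pdo->prepare('SELECT typeof(?)');
    $sth->execute(array($value));
    $viaExecute = $sth->fetchColumn();

    $sth = $pdo->prepare('SELECT typeof(?)');
    $sth->bindParam(1, $value, PDO::PARAM_INT);
    $sth->execute();
    return array('execute' => $viaExecute, 'bindParam' => $sth->fetchColumn());
}

// Constructed input that would alter the WHERE clause if it were concatenated
// into the SQL text; as a bound parameter it is only ever compared as data.
$hostile = "alice' OR '1'='1";

foreach (array('alice', $hostile) as $name) {
    printf("%-20s execute=%s bindParam=%s\n", $name,
        json_encode(idsViaExecute($pdo, $name)),
        json_encode(idsViaBindParam($pdo, $name)));
}
print_r(boundTypes($pdo, 5));
```

The type difference matters for correctness in places where the database is strict about types, not for injection resistance: the SQL text is fixed at prepare() time under both styles.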
