...

View Full Version : Resolved injection clarification please.



bazz
03-03-2010, 09:25 PM
Hi,


I sorted it out by
1. trying it
2. checking the db connection only has select and insert options.


My form passes a few field values to a processing script which inputs them to the MySQL db. One of those fields is a text message and the MySQL insert statement uses placeholders. Is that adequate for preventing the insertion of this as part of the text



; and delete table where 1


Or do I need to 'regex out' the following: ; ' [ ] etc.?

bazz
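
The "trying it" check described in the post, as an added example that is not part of the original post: the text is bound through placeholders and read back, with a string-concatenated insert alongside for contrast. It assumes Python's built-in `sqlite3` as an offline stand-in for the MySQL connection; the `messages` table and all function names are hypothetical.

```python
import sqlite3

# Constructed sample inputs: the text from the post plus the characters it asks about.
SAMPLES = [
    "; and delete table where 1",
    "it's got ; ' [ ] in it",
]

def make_db():
    """In-memory SQLite database standing in for the MySQL table (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, sender TEXT, body TEXT)")
    return conn

def insert_with_placeholders(conn, sender, body):
    """The statement text is fixed; the values are bound separately as data."""
    conn.execute("INSERT INTO messages (sender, body) VALUES (?, ?)", (sender, body))
    conn.commit()

def insert_with_concatenation(conn, sender, body):
    """Contrast case: the value becomes part of the SQL text, so a quote alters the statement."""
    conn.execute("INSERT INTO messages (sender, body) VALUES ('" + sender + "', '" + body + "')")
    conn.commit()

def stored_bodies(conn):
    """Return every stored message body in insertion order."""
    return [row[0] for row in conn.execute("SELECT body FROM messages ORDER BY id")]

def run_demo():
    conn = make_db()
    for text in SAMPLES:
        insert_with_placeholders(conn, "bazz", text)
    bound = stored_bodies(conn)  # read back exactly what was bound
    try:
        insert_with_concatenation(conn, "bazz", SAMPLES[1])
        concat_ok = True
    except sqlite3.Error:
        # The apostrophe ended the string literal early, so the SQL no longer parses.
        concat_ok = False
    return bound, concat_ok, len(stored_bodies(conn))

if __name__ == "__main__":
    print(run_demo())
```
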


