bazz
03-03-2010, 09:25 PM
Hi,
I sorted it out by
1. trying it
2. checking the db connection only has select and insert options.
My form passes a few field values to a processing script which inputs them to the MySQL db. One of those fields is a text message and the MySQL insert statement uses placeholders. Is that adequate for preventing the insertion of this as part of the text:
; and delete table where 1
Or do I need to 'regex out' the following: ; ' [ ] etc.?
bazz
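
An added example, not part of the original post: it stores the text from the question through a placeholder and, for contrast, through a string-built statement. It assumes an in-memory SQLite database standing in for MySQL; the table and function names are hypothetical.

```python
import sqlite3

# Constructed sample inputs: the text from the post, and a message containing
# the characters the post asks about stripping.
SAMPLES = ["; and delete table where 1", "it's ; ' [ ] all kept"]

def new_db():
    # Assumption: in-memory SQLite stands in for the MySQL table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
    return db

def insert_bound(db, body):
    # Placeholder form: the statement text is fixed and body is passed
    # separately as a value (SQLite's marker is ?, MySQL drivers use ? or %s).
    db.execute("INSERT INTO messages (body) VALUES (?)", (body,))

def insert_concatenated(db, body):
    # 'Before' form for contrast: body becomes part of the SQL text itself.
    db.execute("INSERT INTO messages (body) VALUES ('" + body + "')")

def stored_with_placeholders():
    db = new_db()
    for sample in SAMPLES:
        insert_bound(db, sample)
    rows = db.execute("SELECT body FROM messages ORDER BY id")
    return [row[0] for row in rows]

def concatenation_outcomes():
    db = new_db()
    outcomes = []
    for sample in SAMPLES:
        try:
            insert_concatenated(db, sample)
            outcomes.append("stored")
        except sqlite3.Error:
            # The quote in the message ended the string literal early, so the
            # rest of the message reached the SQL parser as statement text.
            outcomes.append("parsed as SQL and rejected")
    return outcomes

if __name__ == "__main__":
    print(stored_with_placeholders())
    print(concatenation_outcomes())
```

With the placeholder both messages come back byte for byte, so no characters need to be stripped before storage; the string-built form is the one where a quote in the message changes what the statement is.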