Resolved injection clarification please.

03-03-2010, 10:25 PM

I sorted it out by
1. trying it
2. checking the db connection only has select and insert options.

My form passes a few field values to a processing script which inputs them to the MySQL db. One of those fields is a text message and the MySQL insert statement uses placeholders. Is that adequate for preventing the insertion of this as part of the text

; and delete table where 1

Or do I need to 'regex out' the following.. ; ' [ ] etc?
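
An added example, not part of the original post: Python's `sqlite3` stands in for the MySQL connection to show the text from the post bound through a placeholder and stored verbatim, beside a string-built insert for contrast. The table and column names are hypothetical, and the sample inputs are constructed from the characters the post asks about.

```python
import sqlite3

# Constructed sample inputs: the text from the post plus the characters it asks about.
SAMPLES = [
    "; and delete table where 1",
    "it's ; ' [ ] etc",
]

def make_db():
    """In-memory stand-in for the MySQL table (table/column names are hypothetical)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
    return conn

def insert_with_placeholder(conn, text):
    # The statement text is fixed; the driver binds `text` as a value, never as SQL.
    conn.execute("INSERT INTO messages (body) VALUES (?)", (text,))

def insert_by_concatenation(conn, text):
    # Anti-pattern shown for contrast: the input becomes part of the statement text.
    conn.execute("INSERT INTO messages (body) VALUES ('" + text + "')")

def stored_bodies(conn):
    return [row[0] for row in conn.execute("SELECT body FROM messages ORDER BY id")]

def demo():
    # Placeholder path: every sample is stored exactly as submitted.
    conn = make_db()
    for text in SAMPLES:
        insert_with_placeholder(conn, text)
    bound = stored_bodies(conn)

    # Concatenation path: a quote in the input changes how the statement parses.
    conn2 = make_db()
    outcomes = []
    for text in SAMPLES:
        try:
            insert_by_concatenation(conn2, text)
            outcomes.append("stored")
        except sqlite3.Error as exc:
            outcomes.append("error: " + type(exc).__name__)
    return bound, outcomes, stored_bodies(conn2)

if __name__ == "__main__":
    bound, outcomes, concatenated = demo()
    print("placeholder rows:  ", bound)
    print("concatenation:     ", outcomes, concatenated)
```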