[Vtigercrm-developers] Question about Coding Guidelines

Prasad prasad at vtiger.com
Tue Mar 19 04:12:12 UTC 2013


Rietz,

pquery uses prepared statements <http://phplens.com/lens/adodb/docs-adodb.htm#execute> for execution, which eliminates SQL injection problems <http://en.wikipedia.org/wiki/SQL_injection#Incorrectly_filtered_escape_characters> to a good extent.

Regards,
Prasad

On Mon, Mar 18, 2013 at 8:29 PM, Rietz, Artur <a.rietz at opensaas.pl> wrote:

> I have a question about your ideas connected to mysql queries:
>
> > Parameterised queries
> >
> > Use this API to overcome SQL Injection attacks
> >
> > $db = PearDatabase::getInstance();
> >
> > $rs  = $db->pquery("SELECT * FROM tablename WHERE id=?", array($id));
>
> Is using pquery more secure than the normal query function? (If it is, then
> I have to ask: why?)
>
> Regards, Rietz Artur
>
> _______________________________________________
> http://www.vtiger.com/
>
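The following is an added illustration of the point made in this exchange; it is not vtiger code and does not use the PearDatabase API. Python's sqlite3 module is used in place of pquery because its `?` placeholders work the same way: the SQL text is parsed first and the value is bound afterwards, so the value can never change the shape of the statement. The `contacts` table and its rows are constructed sample data, and `query_sorted` shows the one caveat a practitioner should know, namely that placeholders bind values only, so an identifier such as an ORDER BY column still has to be checked against an allow-list.

```python
import sqlite3

# Added example, not vtiger code: sqlite3 placeholders stand in for
# vtiger's PearDatabase::pquery(). The rows below are constructed sample data.
SAMPLE_ROWS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "carol", "carol@example.com"),
]

# Hypothetical allow-list of columns a caller may sort by.
ALLOWED_SORT_COLUMNS = ("id", "name", "email")


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts (id INTEGER, name TEXT, email TEXT)")
    db.executemany("INSERT INTO contacts VALUES (?, ?, ?)", SAMPLE_ROWS)
    return db


def build_unsafe_sql(user_id):
    """The plain query() style: the request value is spliced into the SQL text."""
    return "SELECT id, name, email FROM contacts WHERE id=" + str(user_id)


def query_unsafe(db, user_id):
    """Run the spliced statement; any SQL inside the input becomes part of it."""
    return db.execute(build_unsafe_sql(user_id)).fetchall()


def query_param(db, user_id):
    """The pquery() style: a ? placeholder in the SQL, the value bound separately.

    The statement is compiled before the value is seen, so the value is only
    ever compared against id. It cannot add OR, UNION, a comment or a second
    statement, whatever characters it contains.
    """
    sql = "SELECT id, name, email FROM contacts WHERE id=?"
    return db.execute(sql, (user_id,)).fetchall()


def query_sorted(db, min_id, sort_column):
    """Placeholders bind values, not identifiers.

    A column name cannot be passed as a parameter, so it is checked against
    an allow-list and only then pasted into the statement; the value part of
    the WHERE clause still goes through a placeholder.
    """
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unexpected sort column: %r" % (sort_column,))
    sql = "SELECT id, name, email FROM contacts WHERE id>=? ORDER BY " + sort_column
    return db.execute(sql, (min_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "1 OR 1=1"          # what an attacker puts in the id parameter
    print(build_unsafe_sql(payload))   # the WHERE clause is now always true
    print(query_unsafe(db, payload))   # every row comes back
    print(query_param(db, payload))    # nothing matches the literal text
```

Run with a legitimate id such as `2`, both functions return the same single row; the difference only shows when the input carries SQL of its own. Note also that a value arriving as the string `"2"` still matches through the placeholder, since the database compares it with the integer column, so parameterising does not require converting request values first.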