Newsgroups: php.internals
Message-ID: <4F8540E8.6050503@lsces.co.uk>
Date: Wed, 11 Apr 2012 09:29:28 +0100
To: PHP Internals
Subject: Re: [PHP-DEV] [off] PHP: a fractal of bad design
From: lester@lsces.co.uk (Lester Caine)

Yasuo Ohgaki wrote:
> Anyway,
> http://www.php.net/manual/en/security.database.sql-injection.php
> I've never read this page. This page must be improved...

That is almost archaic itself ... It should be replaced with a pointer to using parameters (no, we do not need 'prepared statements', just parameters). One of the first things I implement on any code that I'm porting. Does away with any aggro over escaping strings and is totally safe 'injection' wise.

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php