On the Kohana prepared statement documentation it states:
Although all parameters are escaped to prevent SQL injection, it is still a good idea to validate/sanitize your input.
From what I read on prepared statements, I was under the impression that binding parameters prevented SQL injection. If this is not the case, what sanitization/escaping method should I be using before binding the variables?
I think when they say “it is still a good idea to validate/sanitize”, they mean to use the Valid class and/or the Validation class, to make sure you get the right data inserted into your DB.
More info on Validation in Kohana: http://kohanaframework.org/3.2/guide/kohana/security/validation
UPDATE:
You should also look into XSS: http://kohanaframework.org/3.2/guide/kohana/security/xss
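To make the distinction concrete, here is an added example (not code from the question, the answer, or the Kohana project) in Python with the standard-library sqlite3 module. The `?` placeholder plays the role of Kohana's `->param()` binding. It shows three things: a value spliced into the SQL text is injectable while the same value bound as a parameter is not; identifiers such as an ORDER BY column cannot be bound at all, so they need a whitelist; and binding alone will happily store data that is syntactically harmless but wrong for your application, which is what the validation step is for. The table, sample rows, attack string and helper names (`find_user_concat`, `find_user_bound`, `validate_username`, and so on) are all constructed for this illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory SQLite database with a users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (username) VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])
    return conn


def find_user_concat(conn, username):
    """Vulnerable: the input is spliced into the SQL text, so a quote in it ends the literal."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(sql))


def find_user_bound(conn, username):
    """Safe: the value travels separately from the SQL text and can only ever be a string literal."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return sorted(row[0] for row in rows)


# Identifiers (column names, table names, ASC/DESC) are not values and cannot be bound,
# so the only safe approach is to check them against a fixed set of allowed names.
ALLOWED_SORT_COLUMNS = {"id", "username"}


def list_users_sorted(conn, column):
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unexpected sort column: {column!r}")
    return [row[0] for row in conn.execute("SELECT username FROM users ORDER BY " + column)]


def validate_username(username):
    """Validation in the sense the answer means: rules modelled on not_empty / max_length /
    alpha_dash. A bound parameter would store any of these rejected inputs without complaint."""
    errors = []
    if not username:
        errors.append("not_empty")
    if len(username) > 32:
        errors.append("max_length")
    if not all(ch.isalnum() or ch in "-_" for ch in username):
        errors.append("alpha_dash")
    return errors


def create_user(conn, username):
    """Validate first, then insert with a bound parameter. Returns the list of rule failures."""
    errors = validate_username(username)
    if errors:
        return errors
    conn.execute("INSERT INTO users (username) VALUES (?)", (username,))
    return []


if __name__ == "__main__":
    conn = make_db()
    attack = "x' OR '1'='1"          # constructed attack string
    print("concatenated:", find_user_concat(conn, attack))   # every row leaks
    print("bound:       ", find_user_bound(conn, attack))    # no row matches the literal
    print("bad column:  ", end="")
    try:
        list_users_sorted(conn, "username; DROP TABLE users")
    except ValueError as exc:
        print(exc)
    print("validation:  ", create_user(conn, "a" * 40))      # ['max_length']
    print("validation:  ", create_user(conn, "dave"))        # []
```

The attack string is the same in both lookups; only the way it reaches the database differs. Note that the whitelist for ORDER BY is not optional: there is no bound-parameter form for an identifier, so a framework's escaping of values does nothing for that position.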