Home/ Questions/Q 8816649
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T04:40:06+00:00

Possible Duplicate: how safe are PDO prepared statements So I was looking into PDO

  • 0

Possible Duplicate:
how safe are PDO prepared statements

So I was looking into PDO to replace all the mysql queries in my php. The main reason I am doing this is for security and ease in coding. I was just wondering though, as far as security is concerned. Once I finish replacing any mysql query calls as well as any data I am capturing from users with PDO, what should I be looking into putting inbetween the prepare and the execute of the query? Or will that take care of security. I guess I just don’t understand where the security comes in with PDO. Here is an example of some of my code for getting user input then placing it in the database. Any issues with this? Or improvements I could do?

<?php
session_start();
include("dbgear.php");

$var1 = $_POST['stuff1'];
$var2 = $_POST['stuff2'];
$var3 = $_POST['stuff3'];
$var4 = $_POST['stuff4'];
$var5 = $_SESSION['stuff5'];
$vardate = date("M d, Y h:i A");


$info = "INSERT INTO comments SET     name=:user,class=:class,comment=:commentarea,date=:date,detector=:detector";


$send = $connect->prepare($info);
$send->execute(array(':user'=>$var1,':class'=>$var2,':commentarea'=>$var3,':date'=>$var4,':detector'=>$var5));

?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You dont have to worry about what you put in your database. Everything (security-wise) is handled by PDO.

    But keep in mind that if you use the data later on your website, it can contain javascript (XSS injection). So always filter your users data, cast integers to int, filter html that users upload etc before you enter it in your database to get to most secure approach.

    • 0