Timeline for How can I prevent SQL injection in PHP?
Current License: CC BY-SA 4.0
8 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Oct 28, 2020 at 1:43 | comment | added | Shayne | Honestly its not the worst idea , pocketrocket. Depending on the ORM, theres a very very high chance that the authors of the ORM know their way around SQL better than the coder. Its kind of like that old rule of encryption that unless you've got your name on research papers in the field, dont roll your own, because chances are the attacker DOES have his name on papers in the field. That said if its an ORM requiring you to supply all or part of the query (ie Model.filter('where foo = ?',bar), you may well be better off rolling hand SQL | |
| Oct 9, 2020 at 15:25 | comment | added | pocketrocket | I honestly disagree on your suggestion. This could lead to a false postive feeling of security throwing in any ORM. Of course, most of those take care of prepared statements and parameterized queries. A newbie coming to this post might still feel secure by picking any ORM - trusting them all. In general ORM are easing up things by hiding / abstracting implementation details. You really WANT to check (or blindly trust) how it's done. Rule of thumb: The bigger the open source community (support) behind it, the less it's totally screwed ;) | |
| Mar 29, 2020 at 15:35 | history | edited | Peter Mortensen | CC BY-SA 4.0 |
Active reading.
|
| Dec 25, 2017 at 14:54 | history | edited | Nae | CC BY-SA 3.0 |
Grammar improvement(s)
|
| Aug 16, 2016 at 13:06 | history | edited | Bhavin Solanki | CC BY-SA 3.0 |
Improve answer
|
| Mar 24, 2014 at 20:56 | history | edited | Peter Mortensen | CC BY-SA 3.0 |
Copy edited.
|
| S Mar 20, 2014 at 0:17 | history | answered | Thomas Ahle | CC BY-SA 3.0 | |
| S Mar 20, 2014 at 0:17 | history | made wiki | Post Made Community Wiki by Thomas Ahle |