When it comes to SQL injection prevention, a prepared statement is definitely the correct solution, but if you find yourself in a predicament that prevents you from using one, hexing and unhexing works.
Use a query like this:
// Quote the hex string; unquoted, a value such as 6a6b is not parsed as a string.
$query = "SELECT * FROM table WHERE column = UNHEX('".bin2hex($userInput)."')";
http://stackoverflow.com/questions/22567944/is-hexing-input-sufficient-to-sanitize-sql-queries
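
The same lookup three ways, as an added example that is not part of the original post: naive concatenation, the hex-encoded form above, and a prepared statement, run against a constructed in-memory SQLite table. The `users` table, its rows and the function names are assumptions, and `hex2bin()` is registered under the name `UNHEX` to stand in for MySQL's function so the script runs offline.

```php
<?php
// Added example, not from the original post. Table, rows and helper names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Assumption: hex2bin() stands in for MySQL's UNHEX() in this SQLite demo.
$pdo->sqliteCreateFunction('UNHEX', 'hex2bin', 1);

$pdo->exec("CREATE TABLE users (name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

function countConcatenated(PDO $pdo, string $input): int
{
    // Vulnerable: the input becomes part of the SQL text itself.
    $sql = "SELECT COUNT(*) FROM users WHERE name = '" . $input . "'";
    return (int) $pdo->query($sql)->fetchColumn();
}

function countHexed(PDO $pdo, string $input): int
{
    // bin2hex() emits only [0-9a-f], so the input cannot close the quoted literal.
    $sql = "SELECT COUNT(*) FROM users WHERE name = UNHEX('" . bin2hex($input) . "')";
    return (int) $pdo->query($sql)->fetchColumn();
}

function countPrepared(PDO $pdo, string $input): int
{
    // Preferred: the value travels separately from the SQL text.
    $stmt = $pdo->prepare("SELECT COUNT(*) FROM users WHERE name = ?");
    $stmt->execute([$input]);
    return (int) $stmt->fetchColumn();
}

// Constructed inputs: a normal value, a quote-breaking value, and the empty string.
$inputs = ["alice", "' OR '1'='1", ""];

foreach ($inputs as $input) {
    printf(
        "%-16s concatenated=%d hexed=%d prepared=%d\n",
        json_encode($input),
        countConcatenated($pdo, $input),
        countHexed($pdo, $input),
        countPrepared($pdo, $input)
    );
}
```

The hex-encoded and prepared forms should report the same count for every input; only the concatenated form matches rows for the quote-breaking value.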