Thursday, June 26, 2014

Use bin2hex() and UNHEX() as simple SQL injection prevention

When it comes to SQL injection prevention, a prepared statement is definitely the correct solution. But if you find yourself in a predicament that prevents you from using one, hex-encoding the input in PHP and decoding it in MySQL works: bin2hex() only ever emits the characters 0-9 and a-f, so whatever the user sends, nothing that could break out of the literal (quotes, backslashes, semicolons, comment markers) ever reaches the query text.

Use a query like this (note the single quotes around the hex string; without them MySQL parses something like 616c696365 as a column name, and an empty input produces UNHEX(), which is a syntax error):

$query = "SELECT * FROM table WHERE column = UNHEX('".bin2hex($userInput)."')";

Two caveats: UNHEX() returns a binary string, so the comparison is done byte-wise and is case-sensitive even if the column's collation is not; and the user value is still being concatenated into the SQL text, so this is a last resort, not a substitute for binding parameters.

http://stackoverflow.com/questions/22567944/is-hexing-input-sufficient-to-sanitize-sql-queries
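As an added example (not code from the original post), the following PHP builds the UNHEX() form above and shows it beside the prepared-statement version it is a fallback for. The table and column names (users, username), the helper names and the $pdo connection are assumptions; no database connection is opened, the functions only produce SQL text so the result can be inspected offline.

```php
<?php
// Added example, not part of the original post. Builds the UNHEX() query
// form and contrasts it with a PDO prepared statement. Table/column names
// are hypothetical; nothing here connects to a database.

declare(strict_types=1);

// Wrap raw input as UNHEX('<hex>'). bin2hex() emits only [0-9a-f], so the
// value can never contain a quote, backslash, semicolon or comment marker
// that would terminate the literal. The surrounding single quotes are
// required: UNHEX('') is valid SQL, whereas UNHEX() is a syntax error and
// an unquoted hex string is read by MySQL as an identifier.
function hexLiteral(string $userInput): string
{
    $hex = bin2hex($userInput);
    // Defensive check: bin2hex() can only produce lowercase hex digits, so
    // anything else means the input was not what we think it was.
    if (!preg_match('/^[0-9a-f]*$/', $hex)) {
        throw new RuntimeException('bin2hex() produced unexpected characters');
    }
    return "UNHEX('" . $hex . "')";
}

// The concatenated query using the hex trick. The user value still ends up
// inside the SQL text, just in a form that cannot alter its structure.
function buildHexQuery(string $userInput): string
{
    return 'SELECT * FROM users WHERE username = ' . hexLiteral($userInput);
}

// The preferred form: a prepared statement. The SQL text never contains the
// user value at all; it is sent separately as a bound parameter.
// $pdo is a hypothetical PDO connection supplied by the caller.
function findUserPrepared(PDO $pdo, string $userInput): array
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE username = ?');
    $stmt->execute([$userInput]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal value, a classic injection payload, and the
// empty string edge case that breaks the unquoted UNHEX() form.
$inputs = ['alice', "' OR '1'='1' -- ", ''];
foreach ($inputs as $input) {
    echo buildHexQuery($input), "\n";
}
```

Running it prints three syntactically valid SELECT statements; the injection payload comes out as a string of hex digits inside UNHEX('...') rather than as a second WHERE clause, and the empty input yields UNHEX(''), which MySQL evaluates to an empty string instead of failing to parse.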
