php vs python
Nick Craig-Wood
nick at craig-wood.com
Thu May 22 11:30:07 EDT 2008
Damon Getsman <dgetsman at amirehab.net> wrote:
> PHP has great support for accessing a MySQL database,
Actually I'd say PHP's mysql support is lacking a very important
feature. mysql_query() doesn't support parameters (or placeholders,
usually '?') which means that unless you use
mysql_real_escape_string() on all user input you are leaving yourself
wide open for SQL injection attacks.
With all the other non-PHP mysql programming I've done you use
parameters for all user input and you don't have to worry.
It is not a big deal, but I've had it drummed into me to always use
parameters for user input and I was really surprised PHP didn't have
them.
--
Nick Craig-Wood <nick at craig-wood.com> -- http://www.craig-wood.com/nick
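Added example (not part of the original post): the contrast Nick describes, a query built by string concatenation next to the same query using driver placeholders. It uses Python's DB-API style with the standard-library sqlite3 module as a stand-in for MySQL so it runs offline; the table and rows are constructed sample data, and the function names are this example's own.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for a MySQL users table.
    # sqlite3 is used only so the example runs offline; the placeholder
    # mechanism (value sent separately from the SQL text) is the same
    # idea the post wants from a MySQL driver.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO users (name) VALUES (?)",
        [("alice",), ("bob",), ("carol",), ("o'neil",)],
    )
    conn.commit()
    return conn


def find_by_name_concat(conn, name):
    # Vulnerable: the user-supplied value is spliced into the SQL text,
    # the mysql_query() pattern the post criticises when escaping is
    # forgotten. Any quote in the input changes the statement's meaning.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def find_by_name_param(conn, name):
    # Safe: '?' is a placeholder; the driver passes the value separately,
    # so the input is only ever compared as data, never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,))]


def concat_breaks_on_quote(conn, name):
    # Shows the other cost of concatenation: a legitimate name containing
    # an apostrophe is a syntax error, whereas the parameterised query
    # handles it without any escaping on the caller's side.
    try:
        find_by_name_concat(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    conn = make_db()
    tautology = "x' OR '1'='1"  # constructed input containing a quote
    print(find_by_name_concat(conn, "alice"))      # ['alice']
    print(find_by_name_concat(conn, tautology))    # every row leaks
    print(find_by_name_param(conn, "alice"))       # ['alice']
    print(find_by_name_param(conn, tautology))     # []
    print(find_by_name_param(conn, "o'neil"))      # ["o'neil"]
    print(concat_breaks_on_quote(conn, "o'neil"))  # True
```

The same placeholder style works with MySQL drivers that implement the DB-API (the placeholder token varies by driver, e.g. `%s` rather than `?`); the point is that the value never goes through the SQL parser, so no escaping function has to be remembered at every call site.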