
[RESOLVED] PDO Security Question

Howdy?

Basically I have not been able to find anything stating otherwise that

[code=php]
$sth->execute(array($var1, $var2));
[/code]

Executing with the parameters included is equal to

[code=php]
$sth->bindParam(1, $var1, PDO::PARAM_INT);
$sth->bindParam(2, $var2, PDO::PARAM_STR, 12);
$sth->execute();
[/code]

Executing with the parameters defined in bindParam(), security-wise.

Using bindParam seems more secure to me because it defines the data type (like PDO::PARAM_INT).

Can anyone clarify if either is superior to the other in security? Please and thanks.

PHP

2 Comments

@NogDog, Aug 03.2012 — I don't think it makes a difference security-wise (SQL injection will be prevented in either case), though it may help prevent/detect programming errors.

@Nvenom (author), Aug 03.2012 — Okay, thanks for the reply.
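
Added example, not code posted by anyone in the thread: both forms from the question run against a constructed in-memory SQLite table with a constructed hostile string, followed by the one behavioural difference worth knowing, that bindParam() binds the variable by reference. The table, the `SQL` constant and the function names `viaExecute` and `viaBindParam` are hypothetical, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example, not code from the thread. Table, rows and inputs are constructed.
// Assumes the pdo_sqlite extension, so it runs offline on an in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

const SQL = 'SELECT name FROM users WHERE id = ? AND name = ?';

// Form 1 from the question: values handed to execute().
// PDO binds every element of the array as PDO::PARAM_STR.
function viaExecute(PDO $pdo, $id, $name): array
{
    $sth = $pdo->prepare(SQL);
    $sth->execute(array($id, $name));
    return $sth->fetchAll(PDO::FETCH_COLUMN);
}

// Form 2 from the question: bindParam() with explicit types.
function viaBindParam(PDO $pdo, $id, $name): array
{
    $sth = $pdo->prepare(SQL);
    $sth->bindParam(1, $id, PDO::PARAM_INT);
    $sth->bindParam(2, $name, PDO::PARAM_STR, 12);
    $sth->execute();
    return $sth->fetchAll(PDO::FETCH_COLUMN);
}

$hostile = "x' OR '1'='1";   // constructed injection-style input

foreach (array('viaExecute', 'viaBindParam') as $form) {
    $legit  = $form($pdo, 1, 'alice');
    $attack = $form($pdo, 1, $hostile);
    // The hostile string is compared as data, so it must not match any row.
    printf("%-13s legit=%s hostile=%s\n", $form, json_encode($legit), json_encode($attack));
    if ($attack !== array()) {
        throw new RuntimeException("$form let input alter the query");
    }
}

// bindParam() binds the variable by reference: its value is read at execute().
$id = 1;
$sth = $pdo->prepare('SELECT name FROM users WHERE id = ?');
$sth->bindParam(1, $id, PDO::PARAM_INT);
$id = 2;                      // changed after binding, before execute()
$sth->execute();
echo 'by-reference lookup returned: ', $sth->fetchColumn(), "\n";
```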