Safely inject the values into SQL
Other than using bind in SQL, this is the old school way to solve the SQL query to prevent injection attack Sample Code // a sample list of values to use in IN(): $values = [1,4,10,’12a’,’xy\’z’]; // VERSION 1. For integers: make sure all array elements are integers $in = implode(‘,’, array_map(‘intval’, $values)); // VERSION 2. For strings: apply PDO::quote() function to all elements $in = implode(‘,’, array_map([$pdo, ‘quote’], $values)); // VERSION 3. Custom sanitization: allow only letters a[…]
Safely inject the values into SQL Read More »