SLSCoder

Community Answers

  1. SLSCoder's post in I can't add an at command from php. Please help. was marked as the answer   
    I figured this out.
    The problem was not with the at command; the user www-data did not have permissions to create the directory.
    This is resolved.
     
  2. SLSCoder's post in SQL Injection - Stored Procedures was marked as the answer   
    The correct answer to this question is that it cannot be done.
    That is, there is no way, using PDO or mysqli prepared statements, to create stored procedures from client form inputs as parameters, and therefore no way to prevent SQL injection.
    The reason is that prepared statement parameters (PDO or mysqli) cannot be saved as part of a query. The parameters the database, not as part of the SQL.
    The PHP code to create the prepared statement and, if not still cached, the MySQL work to optimize the prepared statement must be executed every time the prepared statement is used.
    If the prepared statement is to be run repeatedly, the parameters must be stored initially and then retrieved every time the prepared statement is called.
    I think it would be worthwhile to find better ways than prepared statements to prevent SQL injection.