9three Posted April 20, 2009 Share Posted April 20, 2009 Hey, I'm still getting used to using MySQLi. I just wanted to verify if this is actually secure. $mysqli = new mysqli('localhost', 'user', 'password', 'world') or die('Unable to connect '.mysqli_connect_error()); $stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)"); $stmt->bind_param('sssd', $code, $language, $official, $percent); $code = $_POST['code']; $language = $_POST['language']; $official = $_POST['official']; $percent = $_POST['percent']; $stmt->execute(); No need to escape the POST variables because they are bounded? Link to comment https://forums.phpfreaks.com/topic/154833-so-this-is-secure/ Share on other sites More sharing options...
soak Posted April 20, 2009 Share Posted April 20, 2009 Correct. Link to comment https://forums.phpfreaks.com/topic/154833-so-this-is-secure/#findComment-814295 Share on other sites More sharing options...
9three Posted April 20, 2009 Author Share Posted April 20, 2009 thanks. Link to comment https://forums.phpfreaks.com/topic/154833-so-this-is-secure/#findComment-815007 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.