Secure Development for Mobile Apps
by J. D. Glaser
October 2014
Content level: Intermediate to advanced
472 pages
10h 44m
English
Auerbach Publications
Content preview from Secure Development for Mobile Apps (page 139)
PHP and PDO
See the difference in results below. The first result is quoted; the second is not.
"24" = $pdo->quote($userID);
versus
24 = mysql_real_escape_string($userID);
Therefore, the resulting SQL statements would look like the following when manually quoted.
Using PDO quote():
SELECT name, email, id FROM members WHERE id = "24"
Using mysql_real_escape_string():
SELECT name, email, id FROM members WHERE id = 24
As demonstrated elsewhere, the problem with the string returned from mysql_real_escape_string() is that the string representation of the number 24 is not quoted. This essentially treats it as a number, when it is not. It is still a string. If it was an actual integer, it would not need to be quoted.
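The following is an added, runnable illustration of the point above; it is not code from the book. It uses an in-memory SQLite database through PDO so it runs offline with no MySQL server. Because mysql_real_escape_string() needs a live MySQL connection (and was removed in PHP 7), the "escaped but unquoted" case is modelled with addslashes(), which, like mysql_real_escape_string(), escapes quote characters but never adds surrounding quotes. The members table, its two rows and the tampered input value are all constructed for the example.

```php
<?php
// Added example (not from the book). Assumes the pdo_sqlite extension, which
// ships with PHP by default.

// Constructed schema and data, mirroring the columns used in the book's query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO members (id, name, email) VALUES
    (24, 'alice', 'alice@example.test'),
    (25, 'bob',   'bob@example.test')");

// Escaping only: quotes inside the value are escaped, but no quotes are added,
// so the value is spliced into the SQL as bare tokens (like an unquoted
// mysql_real_escape_string() result).
function runUnquoted(PDO $pdo, string $userID): array
{
    $escaped = addslashes($userID);
    $sql = "SELECT name, email, id FROM members WHERE id = $escaped";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// PDO::quote(): the value is escaped AND wrapped in quotes, so the whole
// string is compared against id as a single value.
function runQuoted(PDO $pdo, string $userID): array
{
    $quoted = $pdo->quote($userID);
    $sql = "SELECT name, email, id FROM members WHERE id = $quoted";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the value never becomes part of the SQL text, so no
// quoting decision is left to the developer. This is the form to prefer.
function runPrepared(PDO $pdo, string $userID): array
{
    $stmt = $pdo->prepare('SELECT name, email, id FROM members WHERE id = :id');
    $stmt->execute([':id' => $userID]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Two constructed inputs: a normal member ID as it arrives from a request
// (always a string), and the same parameter after tampering.
$inputs = ["24", "24 OR 1=1"];

foreach ($inputs as $userID) {
    printf("input %-12s unquoted=%d quoted=%d prepared=%d\n",
        var_export($userID, true),
        count(runUnquoted($pdo, $userID)),
        count(runQuoted($pdo, $userID)),
        count(runPrepared($pdo, $userID)));
}
// Expected:
//   input '24'         unquoted=1 quoted=1 prepared=1
//   input '24 OR 1=1'  unquoted=2 quoted=0 prepared=0
// For the tampered value the unquoted query returns every member because the
// OR became part of the statement; the quoted and prepared forms compare the
// literal string against id and match nothing.
```

Run it with `php example.php`. The quoted and prepared columns agree on both inputs; the unquoted column is the one that diverges, which is exactly the distinction the book draws between a bare escaped string and a quoted one.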
PDO and WHERE IN Statements
PDO does allow pas ...
Publisher Resources
ISBN: 9781482209037