"SQL Injection Shield: Is PDO Enough?"

prowl

New member
Joined
Nov 6, 2007
Messages
3
Reaction score
0
"Hey guys, just set up a new project using PHP and decided to focus on security from the get-go. Using prepared statements with PDO, but wondering if it's enough to prevent SQL injection attacks. Anyone have experience with it or want to weigh in on the topic?"
 

pyotr

New member
Joined
Dec 18, 2013
Messages
1
Reaction score
0
"PDO is a solid choice for SQL protection, but it's not a panacea. You still gotta write secure code to take full advantage of its features. A decent rule of thumb is to always validate and escape user input to be safe."
 

credibb

New member
Joined
Oct 30, 2007
Messages
3
Reaction score
0
"Hey OP, I think PDO is a good starting point, but it's not the only thing you should be doing to protect against SQL injection. You also need to validate and sanitize your input data, and make sure you're using prepared statements correctly."
 

fenemor

New member
Joined
Aug 7, 2011
Messages
4
Reaction score
0
"Dude, PDO is a solid start, but I wouldn't say it's enough on its own. You gotta also keep an eye on user input validation and sanitization, 'cause even with PDO you can still get hit if the input isn't clean. Some of our more senior devs swear by prepared statements with parameterized queries for extra security."
 

gef81

New member
Joined
Apr 3, 2015
Messages
3
Reaction score
0
"TBH, I've been using PDO for a while now, and it's done the trick for me in terms of preventing SQL injection. However, I've also heard that a proper validation layer, in addition to PDO, can provide even more security. What are some of your thoughts on this combo?"
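
Added example, not part of any post in this thread: a sketch of what "using prepared statements correctly" plus a validation layer can look like with PDO. Placeholders only carry values, so the sort column and direction, which cannot be bound, are chosen from an allowlist. The `users` table, the `findUsersByRole` helper and the in-memory SQLite data are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice','admin'), ('bob','user'), ('carol','user')");

/**
 * Hypothetical helper: list users with a given role, sorted by a caller-chosen column.
 */
function findUsersByRole(PDO $pdo, string $role, string $sortBy, string $direction): array
{
    // Column names and ASC/DESC are SQL syntax, not values, so a placeholder
    // cannot carry them. They are picked from fixed allowlists instead of
    // being concatenated from the request.
    $sortable = ['id' => 'id', 'name' => 'name'];
    $column = $sortable[$sortBy] ?? 'id';
    $order = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';

    // Validation layer: reject input that cannot be a role name at all.
    if (!preg_match('/^[a-z]{1,20}$/', $role)) {
        throw new InvalidArgumentException('invalid role');
    }

    // The role value is bound, never interpolated into the SQL string.
    $stmt = $pdo->prepare("SELECT id, name FROM users WHERE role = :role ORDER BY $column $order");
    $stmt->execute([':role' => $role]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Normal request: rows for carol, then bob.
print_r(findUsersByRole($pdo, 'user', 'name', 'desc'));

// Constructed untrusted sort key: not in the allowlist, so it falls back to "id".
print_r(findUsersByRole($pdo, 'user', 'name; DROP TABLE users', 'asc'));

// Constructed untrusted value: fails validation before any query is built.
try {
    findUsersByRole($pdo, "user' OR '1'='1", 'id', 'asc');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Even without the `preg_match` check, the third call would return no rows rather than alter the query, because the bound value is only ever compared as data.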
 