PhpOrient

How to prevent SQL injection?

Open bankorh opened this issue 10 years ago • 2 comments

As the title says, how can I prevent SQL injection for this driver? A newer PHP has removed functions like mysql_real_escape_string, so what else can I do to prevent this?

bankorh avatar Aug 14 '15 08:08 bankorh

It doesn't look like there are any bind methods, so it is up to you to filter input for anything malicious.

Scott

smolinari avatar Aug 15 '15 09:08 smolinari
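Filtering input by hand, as the reply above suggests, is most dependable as an allowlist per value type rather than an attempt to strip malicious characters. The PHP below is an added example, not code from this thread or from PhpOrient; the `User` class, its field names and every function name are hypothetical, and the string it builds would then be handed to the driver.

```php
<?php
declare(strict_types=1);
// Added example, not PhpOrient code. Class, field and function names are hypothetical.

function requireThat(bool $ok, string $what): void
{
    if (!$ok) {
        throw new InvalidArgumentException("rejected input: expected $what");
    }
}

// Integers: validate, then emit the parsed number, never the raw input.
function orientInt($value): string
{
    $int = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    requireThat($int !== false, 'a non-negative integer');
    return (string) $int;
}

// Field and class names cannot be quoted safely, so they come from a fixed list.
function orientIdentifier(string $value, array $allowed): string
{
    requireThat(in_array($value, $allowed, true), 'a known identifier');
    return $value;
}

// Strings: accept only characters that cannot close or escape a quoted literal.
function orientToken(string $value): string
{
    requireThat(preg_match('/\A[A-Za-z0-9_.@-]{1,64}\z/', $value) === 1, 'a plain token');
    return "'" . $value . "'";
}

function buildUserQuery(string $name, string $sortField, $limit): string
{
    return 'SELECT FROM User WHERE name = ' . orientToken($name)
        . ' ORDER BY ' . orientIdentifier($sortField, ['name', 'created'])
        . ' LIMIT ' . orientInt($limit);
}

// Constructed inputs: a plain name, then one carrying a quote-breaking payload.
foreach (['alice', "x' OR '1'='1"] as $name) {
    try {
        echo buildUserQuery($name, 'name', '10'), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), PHP_EOL;
    }
}
```

The token pattern is deliberately narrow: free-text values that need quotes or backslashes do not pass it and need real parameter binding instead.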

We are going to support binding in our project spider. It should be easy enough to only use the binder to sanitize your query before sending it through orient. It's not terribly high on my list atm, though.

electricjones avatar Aug 15 '15 13:08 electricjones