php - Preventing SQL Injections with PDO


I need to be sure that my SQL queries are 100% safe.

If I use PDO named placeholders, is it possible to achieve SQL injection?

Regarding the documentation, using PDO, the query is sent first, and then the values, which means it's not possible to do an injection, correct?

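<?php
try {
    // Connect to MySQL (credentials as posted in the question)
    $dbh = new PDO('mysql:host=localhost;dbname=database;charset=utf8', 'root', '123456789');
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
} catch (PDOException $e) {
    echo $e->getMessage();
}

// Values to bind, keyed by placeholder name
$data = array(
    'email' => $_POST['email'],
    // md5() is as posted; it is not a suitable password hash (PHP provides password_hash())
    'password' => md5($_POST['password']),
    'name' => $_POST['name']
);

// The statement text contains only placeholders; the values are passed separately
$sth = $dbh->prepare("INSERT INTO members (email, password, name) VALUES (:email, :password, :name)");
$sth->execute($data);
?>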

Also, is it safe to use root for database authorization?

Yes, your understanding of PDO is correct - data is automatically sanitised.

As for using root, create a user with the minimum possible permissions (read/write to 1 database). You may not have a security issue, but if you do, you'll prevent a lot more by restricting access using permissions.
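
An added example, not part of the original question or answer: the same insert with named placeholders, run against constructed input that contains SQL metacharacters. It goes slightly beyond the question by also showing the case placeholders do not cover, a user-chosen column name, which is checked against an allow-list. It assumes the pdo_sqlite extension (in-memory database so it runs without a server); the helper names `addMember` and `listMembers` are hypothetical.

```php
<?php
// Added example: constructed data, in-memory SQLite so it runs without a server.
$dbh = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    // With the mysql: driver, also pass PDO::ATTR_EMULATE_PREPARES => false so the
    // statement text and the values are sent to the server separately.
]);
$dbh->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT, password TEXT, name TEXT)');

// Hypothetical helper: values travel only through named placeholders.
function addMember(PDO $dbh, array $input): void
{
    $sth = $dbh->prepare(
        'INSERT INTO members (email, password, name) VALUES (:email, :password, :name)'
    );
    $sth->execute([
        ':email'    => $input['email'],
        ':password' => password_hash($input['password'], PASSWORD_DEFAULT),
        ':name'     => $input['name'],
    ]);
}

// Hypothetical helper: placeholders cannot stand in for identifiers, so a
// user-chosen sort column is checked against a fixed allow-list instead.
function listMembers(PDO $dbh, string $sortBy): array
{
    $allowed = ['email', 'name'];
    if (!in_array($sortBy, $allowed, true)) {
        $sortBy = 'name';
    }
    return $dbh->query("SELECT email, name FROM members ORDER BY $sortBy")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input standing in for $_POST; the name contains SQL metacharacters.
addMember($dbh, ['email' => 'a@example.com', 'password' => 'pw1', 'name' => "Robert'); DROP TABLE members;--"]);
addMember($dbh, ['email' => 'b@example.com', 'password' => 'pw2', 'name' => 'Alice']);

// The metacharacters were stored as plain text and the table is intact.
foreach (listMembers($dbh, 'name; DROP TABLE members') as $row) {
    echo $row['email'], ' | ', $row['name'], PHP_EOL;
}
```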

