fluentpdo

Does Fluent PDO pass parameters via "prepare" and "bindValue" to avoid SQL injection?

Open fernandorotermund opened this issue 3 years ago • 2 comments

fernandorotermund, Jun 30 '21 19:06

Are you asking if Fluent uses prepared statements? If that is the question: Yes, all queries and parameters are run through prepare() before being executed.

cbornhoft, Jul 02 '21 15:07

Yes, and would that eliminate SQL injection?

fernandorotermund, Jul 07 '21 14:07
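
As an added example (not code from the fluentpdo project or from the participants in this thread), here is what prepare() and bindValue() change in plain PDO, and one place they do not reach: identifiers such as a sort column cannot be bound and need an allowlist. The in-memory SQLite table, the sample rows, the input string and the function names are assumptions made for the illustration.

```php
<?php
// Added illustration using plain PDO (requires the pdo_sqlite extension).
// Table, rows and inputs below are constructed for this example.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)");
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// 1. String concatenation: the input becomes part of the SQL text,
//    so quote characters in it change the structure of the query.
function findConcat(PDO $pdo, string $name): array {
    $sql = "SELECT name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// 2. prepare() + bindValue(): the SQL text is fixed before the value
//    is supplied, so the value is only ever compared as data.
function findBound(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare("SELECT name FROM users WHERE name = :name");
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// 3. Placeholders stand for values only. A column name, table name or
//    sort direction cannot be bound, so check it against a fixed list
//    before it is placed in the SQL text.
function listSorted(PDO $pdo, string $column): array {
    $allowed = ['id', 'name', 'role'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    return $pdo->query("SELECT name FROM users ORDER BY $column")
               ->fetchAll(PDO::FETCH_COLUMN);
}

$input = "nobody' OR '1'='1"; // constructed hostile value

printf("concatenated: %d row(s)\n", count(findConcat($pdo, $input)));
printf("bound:        %d row(s)\n", count(findBound($pdo, $input)));
printf("sorted by role: %s\n", implode(', ', listSorted($pdo, 'role')));

try {
    listSorted($pdo, 'name; DROP TABLE users'); // constructed hostile identifier
} catch (InvalidArgumentException $e) {
    printf("rejected identifier: %s\n", $e->getMessage());
}
```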