Variable binding in PHP ADOdb

独自空忆成欢 submitted on 2019-12-01 04:51:41

Question


Does ADOdb do data sanitation or escaping within the same functionality by default? Or am I just confusing it with Code Igniter's built-in processes?

Does binding variables to parameters in ADOdb for PHP prevent SQL injection in any way?


Answer 1:


Correct - bound parameters are not vulnerable to SQL injection attacks.




Answer 2:


Yes, you pass the array of parameters.

$rs = $db->Execute('select * from table where val=?', array('10'));

Rest of their docs can be found here:



Source: https://stackoverflow.com/questions/76359/variable-binding-in-php-adodb
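
An added example, not part of the original answers or of ADOdb's own code: the same constructed input sent through string concatenation and through ADOdb's `?` placeholders, against an in-memory SQLite database. It assumes ADOdb is installed via Composer (`adodb/adodb-php`) with PHP's `sqlite3` extension enabled; the `users` table, its rows and the `orderColumn()` helper are hypothetical.

```php
<?php
// Assumption: Composer's autoloader pulls in adodb.inc.php; adjust the path
// if ADOdb is installed some other way.
require 'vendor/autoload.php';

$db = ADONewConnection('sqlite3');
$db->connect(':memory:');                 // throwaway in-memory database
$db->setFetchMode(ADODB_FETCH_ASSOC);

// Constructed sample data.
$db->execute('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$db->execute('INSERT INTO users (name, role) VALUES (?, ?)', array('alice', 'admin'));
$db->execute('INSERT INTO users (name, role) VALUES (?, ?)', array('bob', 'user'));

// Constructed hostile input, as it might arrive in a request parameter.
$input = "bob' OR '1'='1";

// Concatenated: the quote inside $input ends the string literal, so the
// rest of the input is parsed as SQL and changes the WHERE clause.
$unsafe = $db->getAll("SELECT name FROM users WHERE name = '" . $input . "'");

// Bound: the SQL text is fixed; $input is handed over separately and is
// only ever compared against the name column as a single value.
$bound = $db->getAll('SELECT name FROM users WHERE name = ?', array($input));

printf("concatenated query returned %d row(s)\n", count($unsafe));
printf("bound query returned %d row(s)\n", count($bound));

// Placeholders stand for values only. Table and column names cannot be
// bound, so anything user-selectable there is checked against an allowlist.
function orderColumn(string $requested): string
{
    $allowed = array('id', 'name', 'role');
    return in_array($requested, $allowed, true) ? $requested : 'id';
}

$col  = orderColumn('name; DROP TABLE users');   // not in the list: falls back to 'id'
$rows = $db->getAll("SELECT name FROM users WHERE role = ? ORDER BY $col", array('user'));
printf("ordered by %s, %d row(s)\n", $col, count($rows));
```

On drivers without native parameter support, ADOdb emulates binding by quoting each value before substituting it into the statement, so the array form of `Execute()` is the one to use in either case.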
