Sanitize autocomplete input php?

Happy new year folks. I have an autocomplete input and the rub is in my DB there are rows in many languages, not only in English but in Russian, Chinese etc.

What is the best way I can sanitize the input to prevent sql injections?

P.S. I will only allow text no numbers! Just need to make sure no special characters are passed to sql!

Two words.

Prepared Statements.

What do you mean? Please elaborate?

Here’s a good article set. (If you’re using PDO, look at the second article too, but the first in the set explains the necessity and general theory).

1 Like

Great thanks. If it was only Latin alphabet then I will have no issues but since I also have other languages I can’t just use same technique!

What prevents you from using prepared statements in other alphabets? I haven’t read up on it in great detail, but it would seem to be quite short-sighted to implement such an important feature that does not support other widely-used alphabets.

Absolutely nothing stops him from using them. Prepared statements don't do anything against strings, so they can take any alphabet.

OP, you asked about preventing injections. Prepared statements are how to do that. If you want to further restrict the input to a sanitized list, you’re going to have to do a lot more work (and for very limited/no gain.)

2 Likes
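An added example, not code from any poster in this thread: the prepared-statement approach recommended above, applied to a multilingual autocomplete with PDO. The in-memory SQLite database, the `cities` table, its rows and the `suggest()` helper are all constructed for illustration.

```php
<?php
// Constructed demo data; a real application would connect to its own database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cities (name TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO cities (name) VALUES (?)');
foreach (['Moscow', 'Москва', 'Мурманск', '莫斯科', 'Montréal'] as $name) {
    $insert->execute([$name]);
}

// Hypothetical helper: returns up to $limit names starting with $term.
function suggest(PDO $pdo, string $term, bool $lettersOnly = true, int $limit = 10): array
{
    $term = trim($term);
    if ($term === '') {
        return [];
    }
    // Optional allow-list: letters and combining marks of any script, plus spaces.
    // This is input validation only; the bound parameter below is the injection
    // defence. preg_match() returns false on invalid UTF-8, which is rejected too.
    if ($lettersOnly && !preg_match('/^[\p{L}\p{M}\s]+$/u', $term)) {
        return [];
    }
    // Escape LIKE wildcards so % and _ in the term are matched literally.
    $pattern = addcslashes($term, '\\%_') . '%';
    $stmt = $pdo->prepare(
        "SELECT name FROM cities WHERE name LIKE :p ESCAPE '\\' ORDER BY name LIMIT :n"
    );
    $stmt->bindValue(':p', $pattern, PDO::PARAM_STR);
    $stmt->bindValue(':n', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Cyrillic and Chinese prefixes are bound as ordinary string data.
print_r(suggest($pdo, 'Мо'));
print_r(suggest($pdo, '莫'));
// With the allow-list switched off, an injection-style string is still only
// compared as a literal prefix and never parsed as SQL.
print_r(suggest($pdo, "' OR '1'='1", false));
// The same string with the allow-list on is rejected before any query runs.
print_r(suggest($pdo, "' OR '1'='1"));
```

SQLite's built-in `LIKE` folds case only for ASCII letters, so case-insensitive matching of non-Latin prefixes depends on the database and collation actually in use.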
