DB_DataObject and PDO
I was told that using PDO is recommended to make my code more secure against
MySQL injections.
I am currently using DB_DataObject, which I read also cleans the input from
injections
(http://pear.php.net/manual/en/package.database.db-dataobject.php). Do I
still need to use PDO, or should DB_DataObject be OK? Also, can I combine
them, and if yes, how?
Example part of my DB statement:
$password=encryptpass($_REQUEST['password']);
$user->query("select username from {$user->__table} where (username = '$username' or email='$username') AND password = '$password' ");
Thanks
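Added example, not part of the original post: the statement above in its interpolated form beside the same statement with PDO placeholders. The comparison is relevant because `$user->query()` in the post is handed an already-assembled SQL string. The in-memory SQLite database, the sample row and the `encryptpass()` stand-in are constructed assumptions.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the MySQL database in the post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, email TEXT, password TEXT)');

// Stand-in for the post's encryptpass(); its real body is not shown on the page.
function encryptpass(string $plain): string
{
    return hash('sha256', $plain);
}

// Constructed sample row: a legitimate user whose name contains a quote.
$pdo->prepare('INSERT INTO users VALUES (?, ?, ?)')
    ->execute(["o'brien", 'ob@example.test', encryptpass('s3cret')]);

// "Before": the post's statement, values interpolated into the SQL text.
function lookupInterpolated(PDO $pdo, string $username, string $password): array
{
    $password = encryptpass($password);
    $sql = "select username from users where
            (username = '$username' or email='$username') AND password = '$password'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "After": same statement with placeholders; values travel separately as data.
function lookupPrepared(PDO $pdo, string $username, string $password): array
{
    $stmt = $pdo->prepare(
        'select username from users
         where (username = :u or email = :e) AND password = :p'
    );
    $stmt->execute([':u' => $username, ':e' => $username, ':p' => encryptpass($password)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

try {
    lookupInterpolated($pdo, "o'brien", 's3cret');
    echo "interpolated: ran\n";
} catch (PDOException $e) {
    // The quote in the value ended the string literal early and changed the SQL.
    echo "interpolated: statement broken by input\n";
}

// Bound values never alter the statement, so the quoted name is matched as data.
print_r(lookupPrepared($pdo, "o'brien", 's3cret'));
print_r(lookupPrepared($pdo, "o'brien", 'wrong'));
```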