MySQL Prepared Statements?
Use PDO (PHP Data Objects) to connect to your MySQL database. This method will make sure that all database input will always be treated as text strings and you will never have to do any manual escaping.
If you don't want to deal with escaping your input, you can always pattern match it as it comes in then dispatch your prewritten statements. This is really only going to be worth the effort if you have relatively few possible statements to execute.
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.
Related Questions
Are dynamic mysql queries with sql escaping just as secure as prepared statements?
PHP/MYSQL - MYSQLI - Prepared Statements - How to get the value of this query?
Trying to figure out PHP PDO prepared statements and placeholders. Placeholder in “IN” clause of MySQL statement?
MySQL/PHP: How can we bind a parameter to both (?)s in prepared statements?
Insert or Update with prepared statements in MySQL?
Can I use arithmetic expressions in sql prepared statements?