Bind amounts in PHP and other languages

Viewed 50 times

Security and performance are extremely important for any application, so certain techniques are used during development.

One of them is binding (bind), used for any type of query on your database.

For example, when you do:

    $CEP->nomeBairro($nomeBairro);   // set the value on the object
    $CEP->inserirCepAtendido();      // the class runs the INSERT with bindParam

and in your class you have an INSERT with bindParam. I know that this type of parameterization is extremely advantageous for security.

Out of curiosity: does this approach have only security as a benefit, or are there other benefits too?

  • Another advantage would be not having to mix the variables or values (bindValue) into the middle of the query, but how much of an advantage that is is relative; otherwise it is only a convenience to avoid doing things "patched together" in the middle. Your code there makes no sense to me, nor does OO make much sense in PHP; most use it because they think it's pretty and not out of real need, but I won't get into that debate. The point I want to raise is "security": it's not that it isn't security, but security as it is often used incorrectly ...

  • ... and this comment from @Acco

1 answer


Along with security (preventing injection attacks and other errors), it is a convenience for putting the value into the query without mixing things up and with the right type, but most only use it because it does the job of ensuring the value is inserted in a way that avoids SQL injection.

Of course, it is not the function itself that accomplishes this; it is the whole mechanism, of which the function is the visible gateway.

In some technologies it may have some additional action, which is not necessarily an advantage, but in mysqli it is just that. Not that it is anything substantial, but in mysqli it is safer because it is native (contrary to the popular belief that PDO would be safer).

  • This question of putting the value in the query: if you write something like Insert into example values ($id,$value), for example... there is a big chance of SQL injection.

  • Yes, that’s the main problem.
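As an added example (not code from the question or the answer), the following contrasts the interpolated INSERT that the comments warn about with a bound-parameter INSERT written in the style of the question's class. It uses an in-memory SQLite database through PDO so it runs offline; the table, column and class names, and the sample input, are assumed for illustration.

```php
<?php
// Added example, not from the question or answer: interpolated INSERT versus
// bound parameters, against an in-memory SQLite database via PDO.
// Table, column and class names are assumed for illustration.

declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cep_atendido (id INTEGER PRIMARY KEY, nome_bairro TEXT NOT NULL)');

// Constructed input: an ordinary value that happens to contain a quote.
$id         = 1;
$nomeBairro = "Jardim O'Higgins";

// 1) Interpolation: the value is pasted into the SQL text, so a quote inside
//    the data changes the statement itself. Here it merely breaks the query;
//    other inputs could change what the statement does.
$interpolated = "INSERT INTO cep_atendido VALUES ($id, '$nomeBairro')";
echo "Interpolated SQL: $interpolated\n";
try {
    $pdo->exec($interpolated);
    echo "Interpolated INSERT ran\n";
} catch (PDOException $e) {
    echo "Interpolated INSERT failed: " . $e->getMessage() . "\n";
}

// 2) Binding: the SQL text is fixed and contains only placeholders; the values
//    are sent separately and are never parsed as SQL, whatever they contain.
class CepAtendido
{
    private PDO $pdo;
    private ?string $nomeBairro = null;

    public function __construct(PDO $pdo)
    {
        $this->pdo = $pdo;
    }

    public function nomeBairro(string $nomeBairro): void
    {
        $this->nomeBairro = $nomeBairro;
    }

    // Inserts the row and returns the id assigned to it.
    public function inserirCepAtendido(int $id): int
    {
        $stmt = $this->pdo->prepare(
            'INSERT INTO cep_atendido (id, nome_bairro) VALUES (:id, :nome_bairro)'
        );
        // bindValue also pins the type: :id travels as an integer, not as text.
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->bindValue(':nome_bairro', $this->nomeBairro, PDO::PARAM_STR);
        $stmt->execute();
        return (int) $this->pdo->lastInsertId();
    }
}

$cep = new CepAtendido($pdo);
$cep->nomeBairro($nomeBairro);
$cep->inserirCepAtendido($id);

// The quote was stored as data, not interpreted as part of the SQL.
$rows = $pdo->query('SELECT id, nome_bairro FROM cep_atendido')->fetchAll(PDO::FETCH_ASSOC);
print_r($rows);
```

Run it with `php example.php`: the interpolated statement fails with a syntax error at the apostrophe, while the bound statement stores the same value intact. The mysqli equivalent of `bindValue` is `mysqli_stmt::bind_param`, with the same separation of SQL text from data.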
