Timeline for Prepared statements from security viewpoint

Current License: CC BY-SA 3.0

16 events

when toggle format	what		by	license	comment
Jun 11, 2014 at 6:43	comment	added	Madara's Ghost		One thing, the first query you make should not be a prepared statement. The rule of thumb: If your query has parameters, it needs to be a prepared statement. Just selecting something from a table with no constraints or parameters can and should be a normal query (Prepared statements have a slight hit on performance).
Jun 11, 2014 at 2:44	history	edited	Jamal	CC BY-SA 3.0	deleted 252 characters in body; edited title
May 7, 2014 at 11:12	history	unprotected	rolfl
Mar 14, 2014 at 22:29	vote	accept	CRABOLO
S Mar 14, 2014 at 22:27	history	bounty ended	CRABOLO
S Mar 14, 2014 at 22:27	history	notice removed	CRABOLO
Mar 12, 2014 at 17:22	history	protected	Malachi
Mar 12, 2014 at 11:10	comment	added	Sebastian Redl		Why do you separate questions and answers into two separate arrays? It seems to me that working with one array of question-answer pairs is much easier. But we'd have to see the code where you use those arrays to be sure.
Mar 12, 2014 at 3:35	answer	added	200_success		timeline score: 8
Mar 12, 2014 at 2:52	answer	added	bumperbox		timeline score: 6
Mar 12, 2014 at 1:43	history	tweeted			twitter.com/#!/StackCodeReview/status/443562907369242624
S Mar 12, 2014 at 0:35	history	bounty started	CRABOLO
S Mar 12, 2014 at 0:35	history	notice added	CRABOLO		Draw attention
Mar 8, 2014 at 16:32	answer	added	Cerad		timeline score: 4
Mar 8, 2014 at 16:21	comment	added	Cerad		It looks like you are using prepared statements correctly. However, I'd suggest rewriting using PDO prepared statements with named parameters. All of those binding statements can go away. I can give you a short example if you want.
Mar 7, 2014 at 20:29	history	asked	CRABOLO	CC BY-SA 3.0

toggle format