On Tue, Oct 23, 2007 at 10:14:17AM -0700, Francois Larouche wrote:
Funny you mention this because in my experience I found more sql
injections in mysql websites. But as you mention it's not related to the
database but how it has been implemented inside the web application
or/and inside the stored proc.
what I have been doing lately is using a module in PEAR called MDB2.
if you use that technique for *every* query, you should not be vulnerable to
sql-injection any more. naturally there are other vectors to be concerned