Subject: find_by_sql and binding
If I use find_by_sql, will it bind the variables to keep it safe from injection attacks?
I am using it like the following:
model::find_by_sql("CALL my_stored_procedure(?, ?, ?)", array(1, 'hello', 'world!'));
Also, is this the proper way to call a stored procedure?
June 27 2010
April 16, 2013