Luis Gerardo Runge Luis Gerardo Runge - 8 days ago 6
MySQL Question

Can I prevent MySQL injection if I do not allow to use simbols in the form?

Just a stupid question: I know very well how to prevent MySQL Injection using PDO and MySQLi, but Can I prevent it if I just do not allow symbols in the forms?

I mean: If I use something like:

<input name="txt_user" id="txt_user" pattern="[a-zA-Z0-9-]+">


Can this prevent MySQL Injection?

Thanks in advance for your answers!!!

Answer

No. There is nothing preventing the user from editing the HTML of the page and removing that attribute.

Validation should always be done on the server side. See also