Luis Gerardo Runge Luis Gerardo Runge - 9 months ago 51
MySQL Question

Can I prevent MySQL injection if I do not allow to use simbols in the form?

Just a stupid question: I know very well how to prevent MySQL Injection using PDO and MySQLi, but Can I prevent it if I just do not allow symbols in the forms?

I mean: If I use something like:

<input name="txt_user" id="txt_user" pattern="[a-zA-Z0-9-]+">

Can this prevent MySQL Injection?

Thanks in advance for your answers!!!

Answer Source

No. There is nothing preventing the user from editing the HTML of the page and removing that attribute.

Validation should always be done on the server side. See also