Luis Gerardo Runge - 1 year ago
MySQL Question

Can I prevent MySQL injection if I do not allow symbols in the form?

Just a stupid question: I know very well how to prevent MySQL injection using PDO and MySQLi, but can I prevent it if I just do not allow symbols in the forms?

I mean, if I use something like:

<input name="txt_user" id="txt_user" pattern="[a-zA-Z0-9-]+">

Can this prevent MySQL Injection?

Thanks in advance for your answers!!!

Answer Source

No. There is nothing preventing the user from editing the HTML of the page and removing that attribute.

Validation should always be done on the server side. See also
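
What server-side handling of `txt_user` can look like, as an added example that is not part of the original answer: the form's allowlist is re-checked in PHP and the value is bound through a PDO prepared statement. The in-memory SQLite database, the `users` table, the function names and the sample inputs are assumptions made so the script runs without a MySQL server.

```php
<?php
declare(strict_types=1);

// Stand-in database (assumption): SQLite in memory. With MySQL only the DSN
// and credentials passed to new PDO() change; prepare()/execute() stay the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (username) VALUES ('alice'), ('bob-2')");

/**
 * Same allowlist as the form's pattern attribute, enforced where the client
 * cannot remove it. \A and \z anchor the whole string; a bare $ would also
 * accept a value with a trailing newline.
 */
function isValidUsername(string $value): bool
{
    return preg_match('/\A[a-zA-Z0-9-]+\z/', $value) === 1;
}

/** Returns the matching row, or null if the input is rejected or unknown. */
function findUser(PDO $pdo, string $rawInput): ?array
{
    if (!isValidUsername($rawInput)) {
        return null; // reject the request instead of trying to "clean" the value
    }
    // The value is bound as data; it is never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $rawInput]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_POST['txt_user']. A request sent
// without the browser, or with the pattern attribute removed, can carry any
// of them, so the server must expect all of them.
$samples = ['alice', 'bob-2', "alice' OR '1'='1", "alice\n", ''];
foreach ($samples as $input) {
    $row = findUser($pdo, $input);
    printf("%-22s => %s\n", json_encode($input),
        $row ? 'row id ' . $row['id'] : 'rejected or not found');
}
```

Only the first two inputs return a row. The bound parameter keeps the query safe even for fields where symbols must be allowed, which an allowlist alone cannot do.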

