Code Review

replaced http://stackoverflow.com/ with https://stackoverflow.com/

Well, let's see:

  • You're using PDO and prepared statements, no risk of SQL injection there. Great!
  • Your PDO code may throw an Exception (specifically, a PDOException) at any time, so the whole database code block should be kept inside of the try/catch block.
  • crypt in and of itself isn't 100% secure. See this question for more details.
  • Database credentials are not constant. They can change over time, and you may want to change the server, change the user, add an additional database, etc. in the near/far future. The solution is to use functions (or better yet, classes) and pass the credentials as variables, rather than applying them as app-wide constants.

Post Migrated Here from stackoverflow.com (revisions)
Madara's Ghost
  • 4.8k
  • 25
  • 46
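
The points of the answer above put together in one sketch, added here as an illustration and not taken from the answer or from the code under review. The `UserStore` class, the `users` table and the in-memory SQLite DSN are hypothetical, and `password_hash()`/`password_verify()` are swapped in for a bare `crypt()` call as an assumption about what a hardened version would use.

```php
<?php
declare(strict_types=1);

// Added example: UserStore and the users table are hypothetical names.
final class UserStore
{
    private PDO $pdo;

    // Credentials are arguments, so another server, user or database needs no code change.
    public function __construct(string $dsn, ?string $user = null, ?string $password = null)
    {
        $this->pdo = new PDO($dsn, $user, $password, [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // every PDO failure becomes a PDOException
        ]);
        $this->pdo->exec('CREATE TABLE IF NOT EXISTS users (name TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    }

    public function register(string $name, string $plainPassword): void
    {
        // Assumption: password_hash() stands in for a bare crypt() call; it generates the salt itself.
        $hash = password_hash($plainPassword, PASSWORD_DEFAULT);
        $stmt = $this->pdo->prepare('INSERT INTO users (name, password_hash) VALUES (:name, :hash)');
        $stmt->execute([':name' => $name, ':hash' => $hash]);
    }

    public function verify(string $name, string $plainPassword): bool
    {
        $stmt = $this->pdo->prepare('SELECT password_hash FROM users WHERE name = :name');
        $stmt->execute([':name' => $name]);
        $hash = $stmt->fetchColumn(); // false when the user does not exist
        return is_string($hash) && password_verify($plainPassword, $hash);
    }
}

// Connection, inserts and lookups all sit inside one try/catch.
try {
    // Constructed sample: in-memory SQLite (needs pdo_sqlite), so no real credentials are involved.
    $store = new UserStore('sqlite::memory:');
    $store->register('alice', 'correct horse battery staple');
    var_dump($store->verify('alice', 'correct horse battery staple'));
    var_dump($store->verify('alice', 'wrong guess'));
    $store->register('alice', 'second signup'); // duplicate key: throws PDOException
} catch (PDOException $e) {
    // Log the detail server-side; the client only sees a generic message.
    error_log('Database error: ' . $e->getMessage());
    echo "Something went wrong, please try again later.\n";
}
```

The catch block keeps `$e->getMessage()` out of the response because PDO error text can include connection details.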
