

The Easy Way to Prevent SQL Injection in PHP Applications - paragon_init
https://appsec.solutions/blog/2015/05/preventing-sql-injection-in-php-applications-easy-and-definitive-guide

======
Xeoncross
I wrote a prepared-statement-only PDO database abstraction for PostgreSQL,
SQLite, and MySQL in 1kB for PHP called
[https://github.com/Xeoncross/DByte](https://github.com/Xeoncross/DByte). Sure,
it's bad form for not supporting dependency injection - but at 1kB it's mostly
there to show new programmers how easy it is to use PDO calls correctly to get
the results you want.

Rather than wasting time iterating over the column results
([https://github.com/paragonie/easydb/blob/master/src%2FEasyDB...](https://github.com/paragonie/easydb/blob/master/src%2FEasyDB.php#L25-L43)),
you can just tell PDO to return that column
([https://github.com/Xeoncross/DByte/blob/master/DByte/DB.php#...](https://github.com/Xeoncross/DByte/blob/master/DByte/DB.php#L73-L81)).
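
The two approaches contrasted in the comment above, side by side, as an added example that is not part of the thread and not code from DByte or EasyDB. The helper names, the `users` table and its rows are constructed for illustration, and the script assumes the `pdo_sqlite` extension is available.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (assumes pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)');
$insert = $pdo->prepare('INSERT INTO users (email, role) VALUES (?, ?)');
foreach ([['a@example.com', 'admin'], ['b@example.com', 'user'], ['c@example.com', 'user']] as $row) {
    $insert->execute($row);
}

/** Hypothetical helper: fetch full rows, then pull the first column out by hand. */
function columnByLoop(PDO $pdo, string $sql, array $params): array
{
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    $out = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $out[] = reset($row); // first column of each associative row
    }
    return $out;
}

/** Hypothetical helper: let PDO return the first column directly. */
function columnByFetchMode(PDO $pdo, string $sql, array $params): array
{
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN, 0);
}

$sql = 'SELECT email FROM users WHERE role = ? ORDER BY id';

// Both helpers use a prepared statement; only the result handling differs.
var_dump(columnByLoop($pdo, $sql, ['user']) === columnByFetchMode($pdo, $sql, ['user']));
var_dump(columnByFetchMode($pdo, $sql, ['user']));

// Input shaped like an injection attempt is bound as a value, not parsed as SQL,
// so it is compared literally against the role column and matches no row.
$hostile = "user' OR '1'='1";
var_dump(columnByFetchMode($pdo, $sql, [$hostile]));
```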

~~~
paragon_init
Thanks for pointing this out. We're always looking for ways to improve our
open source projects and will make the necessary improvements.

EDIT: Done. :)

