Simon Willison’s Weblog

PHP immune to SQL injection attacks

17th August 2002

An interesting thread on SitePoint about SQL injection attacks. One of the points brought up is that PHP is by default virtually immune to injection attacks thanks to magic quotes (discussed here yesterday).

Posted 17th August 2002 at 2:47 pm · Follow me on Mastodon, Bluesky, Twitter or subscribe to my newsletter

More recent articles

Thoughts on OpenAI acquiring Astral and uv/ruff/ty - 19th March 2026
GPT-5.4 mini and GPT-5.4 nano, which can describe 76,000 photos for $52 - 17th March 2026
My fireside chat about agentic engineering at the Pragmatic Summit - 14th March 2026

This is PHP immune to SQL injection attacks by Simon Willison, posted on 17th August 2002.

php 190 sql-injection 18

Next: Working on my blog

Previous: Tips for working from home

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe

Previously hosted at http://simon.incutio.com/archive/2002/08/17/phpSqlInjectionAttacks