Houston Chronicle

Stored Procedures Vs. Prepared Statements in PHP and MySQL

The PHP development language provides you with a "prepare" function to send a prepared statement to a SQL database. You can use full, inline SQL statements in the prepared statement function or send ...
Computerworld

Beyond stored procedures: Defense-in-depth against SQL injection

SPI Dynamics – A few years ago, mentioning the phrase “SQL injection” to developers would probably get you blank stares. Today, while more developers have heard of SQL injection 1 attacks and know the ...