I have heard alot about sql injection and how it is normally caused. Mostly sql injection in my opinion is caused through search boxes. Now my question is quite simple. Is it advisable to store the search keyword in a session variable to prevent sql injection? I don't want to expose the keyword through the querystring as it is prone to attacks. So in short there is no harm in using session variables to store the keyword right?
View Complete Post