v5:reference:connection:addq
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | Next revisionBoth sides next revision | ||
| v5:reference:connection:addq [2017/05/17 18:58] – mnewnham | v5:reference:connection:addq [2017/05/17 19:06] – [Usage] mnewnham | ||
|---|---|---|---|
| Line 42: | Line 42: | ||
| */ | */ | ||
| </ | </ | ||
| + | ==== Using qStr With Bind ==== | ||
| + | This example shows a completely database independent bind variable statement with special character escaping, providing strong resistance to SQL injection. | ||
| + | <code php> | ||
| + | $p1 = $db-> | ||
| + | $p2 = $db-> | ||
| + | |||
| + | /* | ||
| + | * Provide internal escaping of ' characters | ||
| + | */ | ||
| + | $qStringField = $db-> | ||
| + | $bind = array(' | ||
| + | ' | ||
| + | |||
| + | $SQL = " | ||
| + | FROM some_table | ||
| + | WHERE integer_field=$p1 | ||
| + | AND string_field=$p2"; | ||
| + | |||
| + | $result = $db-> | ||
| + | </ | ||
v5/reference/connection/addq.txt · Last modified: by mnewnham