ADOdb

Database Abstraction Layer for PHP


v5:reference:connection:addq

Differences

This shows you the differences between two versions of the page.

v5:reference:connection:addq [2017/05/17 18:58] mnewnham
v5:reference:connection:addq [2017/05/17 19:06] – [Usage] mnewnham
Line 42: Line 42:
  */  */
 </code> </code>
 +==== Using qStr With Bind ====
 +This example shows a completely database independent bind variable statement with special character escaping, providing strong resistance to SQL injection.
 +<code php>
 +$p1 = $db->param('p1');
 +$p2 = $db->param('p2');
 +
 +/*
 +* Provide internal escaping of ' characters
 +*/
 +$qStringField = $db->addQ($stringField);
  
 +$bind = array('p1'=>$integerField,
 +       'p2'=>$qStringField);
 +
 +$SQL = "SELECT *
 + FROM some_table 
 +       WHERE integer_field=$p1
 + AND string_field=$p2";
 +
 +$result = $db->execute($SQL,$bind);
 +</code>
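Review bot: The `$qStringField = $db->addQ($stringField);` step escapes a value that is then handed to `execute()` through `$bind`. A bound value is passed as data rather than parsed as SQL text, so the escaping addQ adds becomes part of the compared value, and a string containing ' will no longer match what is stored in `string_field`. Suggest putting `$stringField` into `$bind` unmodified and dropping the "Provide internal escaping" comment block, or moving the addQ call to an example that concatenates the value into the SQL string. The heading also says qStr while the code calls addQ, so one of the two should change, and the continuation lines of the `$SQL` literal are indented inconsistently.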
v5/reference/connection/addq.txt · Last modified: by mnewnham