User Tools
v5:reference:connection:addq
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Last revision Both sides next revision | ||
|
v5:reference:connection:addq [2017/05/17 18:58] mnewnham |
v5:reference:connection:addq [2017/05/17 19:06] mnewnham [Usage] |
||
|---|---|---|---|
| Line 42: | Line 42: | ||
| */ | */ | ||
| </code> | </code> | ||
| + | ==== Using qStr With Bind ==== | ||
| + | This example shows a completely database independent bind variable statement with special character escaping, providing strong resistance to SQL injection. | ||
| + | <code php> | ||
| + | $p1 = $db->param('p1'); | ||
| + | $p2 = $db->param('p2'); | ||
| + | |||
| + | /* | ||
| + | * Provide internal escaping of ' characters | ||
| + | */ | ||
| + | $qStringField = $db->addQ($stringField); | ||
| + | $bind = array('p1'=>$integerField, | ||
| + | 'p2'=>$qStringField); | ||
| + | |||
| + | $SQL = "SELECT * | ||
| + | FROM some_table | ||
| + | WHERE integer_field=$p1 | ||
| + | AND string_field=$p2"; | ||
| + | |||
| + | $result = $db->execute($SQL,$bind); | ||
| + | </code> | ||
v5/reference/connection/addq.txt · Last modified: 2018/07/16 19:40 by peterdd
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
