ADOdb

Database Abstraction Layer for PHP


v5:reference:connection:addq

Differences

This shows you the differences between two versions of the page.

v5:reference:connection:addq [2017/05/17 18:58]
mnewnham
v5:reference:connection:addq [2017/05/17 19:06]
mnewnham [Usage]
Line 42: Line 42:
  */  */
 </​code>​ </​code>​
 +==== Using qStr With Bind ====
 +This example shows a completely database independent bind variable statement with special character escaping, providing strong resistance to SQL injection.
 +<code php>
 +$p1 = $db->​param('​p1'​);​
 +$p2 = $db->​param('​p2'​);​
 +
 +/*
 +* Provide internal escaping of ' characters
 +*/
 +$qStringField = $db->​addQ($stringField);​
  
 +$bind = array('​p1'​=>​$integerField,​
 +       '​p2'​=>​$qStringField);​
 +
 +$SQL = "​SELECT *
 + FROM some_table ​
 +       WHERE integer_field=$p1
 + AND string_field=$p2";​
 +
 +$result = $db->​execute($SQL,​$bind);​
 +</​code>​
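Review bot: The added example escapes the string with `$db->addQ($stringField)` and then passes the escaped result as the bound value for `p2`, which applies two quoting mechanisms to the same input. A bound parameter is passed to the statement as data rather than spliced into the SQL text, so the escape characters that addQ inserts become part of the value compared against string_field, and any input containing a `'` will no longer match the stored row. Suggest binding `$stringField` directly (`'p2'=>$stringField`) and dropping the addQ step. Keep addQ/qStr for the case where the value is concatenated into the SQL string. The heading also says "Using qStr With Bind" while the code calls addQ, so one of the two should be renamed. The intro sentence should attribute the SQL injection resistance to the bind variables rather than to the escaping.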
v5/reference/connection/addq.txt · Last modified: 2018/07/16 19:40 by peterdd