ADOdb

Database Abstraction Layer for PHP

v5:reference:connection:addq

Differences

This shows you the differences between two versions of the page.

v5:reference:connection:addq [2017/05/17 18:58]
mnewnham
v5:reference:connection:addq [2018/07/16 19:40]
peterdd start functions lowercase
Line 22: Line 22:
 $SQL = "​SELECT * FROM names WHERE name='​$string'";​ $SQL = "​SELECT * FROM names WHERE name='​$string'";​
  
-$result = $db->Execute($SQL);+$result = $db->execute($SQL);
  
 /* /*
Line 36: Line 36:
 $SQL = "​SELECT * FROM names WHERE name='​$qString'";​ $SQL = "​SELECT * FROM names WHERE name='​$qString'";​
  
-$result = $db->Execute($SQL);+$result = $db->execute($SQL);
  
 /* /*
- * Execution ​Succeeds+ * Execution ​succeeds
  */  */
 </​code>​ </​code>​
 +==== Using qStr With Bind ====
 +This example shows a completely database independent bind variable statement with special character escaping, providing strong resistance to SQL injection.
 +<code php>
 +$p1 = $db->​param('​p1'​);​
 +$p2 = $db->​param('​p2'​);​
 +
 +/*
 +* Provide internal escaping of ' characters
 +*/
 +$qStringField = $db->​addQ($stringField);​
  
 +$bind = array('​p1'​=>​$integerField,​
 +       '​p2'​=>​$qStringField);​
 +
 +$SQL = "​SELECT *
 + FROM some_table ​
 +       WHERE integer_field=$p1
 + AND string_field=$p2";​
 +
 +$result = $db->​execute($SQL,​$bind);​
 +</​code>​
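Review bot: In the added "Using qStr With Bind" example, the line $qStringField = $db->addQ($stringField); escapes a value that is then passed as a bound parameter through $bind, so the value ends up escaped twice. A bound value is handed to the driver as data rather than spliced into the SQL text, so the escape characters addQ inserts become part of the string compared against string_field, and a value containing a ' (for example O'Reilly) would no longer match the stored row. Suggest dropping the addQ call and putting $stringField directly into the $bind array, and rewording the introductory sentence so that the resistance to SQL injection is attributed to the bind variables rather than to the escaping. The heading also says qStr while the code calls addQ; the title should name the method the example actually uses.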
v5/reference/connection/addq.txt · Last modified: 2018/07/16 19:40 by peterdd