ADOdb

Database Abstraction Layer for PHP

User Tools

Site Tools

Trace:
v5:reference:connection:addq

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
v5:reference:connection:addq [2017/05/17 18:58] mnewnhamv5:reference:connection:addq [2018/07/16 19:40] – start functions lowercase peterdd
Line 22: Line 22:
 $SQL = "SELECT * FROM names WHERE name='$string'"; $SQL = "SELECT * FROM names WHERE name='$string'";
  
-$result = $db->Execute($SQL);+$result = $db->execute($SQL);
  
 /* /*
Line 36: Line 36:
 $SQL = "SELECT * FROM names WHERE name='$qString'"; $SQL = "SELECT * FROM names WHERE name='$qString'";
  
-$result = $db->Execute($SQL);+$result = $db->execute($SQL);
  
 /* /*
- * Execution Succeeds+ * Execution succeeds
  */  */
 </code> </code>
 +==== Using qStr With Bind ====
 +This example shows a completely database independent bind variable statement with special character escaping, providing strong resistance to SQL injection.
 +<code php>
 +$p1 = $db->param('p1');
 +$p2 = $db->param('p2');
 +
 +/*
 +* Provide internal escaping of ' characters
 +*/
 +$qStringField = $db->addQ($stringField);
  
 +$bind = array('p1'=>$integerField,
 +       'p2'=>$qStringField);
 +
 +$SQL = "SELECT *
 + FROM some_table 
 +       WHERE integer_field=$p1
 + AND string_field=$p2";
 +
 +$result = $db->execute($SQL,$bind);
 +</code>
v5/reference/connection/addq.txt · Last modified: 2021/01/25 03:00 by mnewnham