v5:reference:connection:addq
Differences
This shows you the differences between two versions of the page.
v5:reference:connection:addq [2017/04/21 11:50] – external edit 127.0.0.1 | v5:reference:connection:addq [2021/01/25 03:00] (current) – mnewnham | ||
---|---|---|---|
Line 6: | Line 6: | ||
== Syntax == | == Syntax == | ||
string addQ( | string addQ( | ||
- | | + | |
- | | + | |
) | ) | ||
</ | </ | ||
==== Description ==== | ==== Description ==== | ||
The function '' | The function '' | ||
+ | |||
+ | This method is particularly useful when used with [[v5: | ||
------------------------------ | ------------------------------ | ||
Line 20: | Line 21: | ||
$SQL = " | $SQL = " | ||
- | $result = $db->Execute($SQL); | + | $result = $db->execute($SQL); |
/* | /* | ||
Line 34: | Line 35: | ||
$SQL = " | $SQL = " | ||
- | $result = $db->Execute($SQL); | + | $result = $db->execute($SQL); |
/* | /* | ||
- | * Execution | + | * Execution |
*/ | */ | ||
</ | </ | ||
+ | ==== Using qStr With Bind ==== | ||
+ | This example shows a completely database independent bind variable statement with special character escaping, providing strong resistance to SQL injection. | ||
+ | <code php> | ||
+ | $p1 = $db-> | ||
+ | $p2 = $db-> | ||
+ | |||
+ | /* | ||
+ | * Provide internal escaping of ' characters | ||
+ | */ | ||
+ | $qStringField = $db-> | ||
+ | $bind = array(' | ||
+ | ' | ||
+ | |||
+ | $SQL = " | ||
+ | FROM some_table | ||
+ | WHERE integer_field=$p1 | ||
+ | AND string_field=$p2"; | ||
+ | |||
+ | $result = $db-> | ||
+ | </ |
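Review bot: In the added "Using qStr With Bind" section, the heading names qStr although this page documents addQ, and the visible `$qStringField = $db->` line does not show which of the two is called; name the same method in the heading and in the code. The sentence crediting "special character escaping" for the injection resistance should also be reworded: in a bound statement the resistance comes from the value travelling separately in $bind, and a value that is escaped first and then bound reaches the database with the escape characters as part of the data, so the text should say when escaping before binding is actually wanted. If $p1 and $p2 hold placeholder text rather than user input, a one-line comment saying so would help, since `WHERE integer_field=$p1` otherwise reads like value interpolation into the SQL string.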
v5/reference/connection/addq.1492768236.txt.gz · Last modified: 2017/05/17 18:58 (external edit)