v5:userguide:learn_bind:portability
Differences
v5:userguide:learn_bind:portability [2017/05/17 20:26] – [Hardening SQL Statements Against Injection Attacks] mnewnham | v5:userguide:learn_bind:portability [2018/07/14 01:00] – [Hardening SQL Statements Against Injection Attacks] mnewnham | ||
Line 32: | Line 32: | ||
===== Hardening SQL Statements Against Injection Attacks ===== | ===== Hardening SQL Statements Against Injection Attacks ===== | ||
In addition to portability, | In addition to portability, | ||
+ | |||
+ | The following code snippet is compatible across all databases supported by ADOdb | ||
<code php> | <code php> | ||
- | $bindVars = array($db-> | ||
- | $db-> | ||
- | $db-> | ||
$col1Ph = $db-> | $col1Ph = $db-> | ||
$col2Ph = $db-> | $col2Ph = $db-> | ||
$col3Ph = $db-> | $col3Ph = $db-> | ||
+ | |||
+ | |||
+ | $bindVars = array(' | ||
+ | ' | ||
+ | ' | ||
+ | |||
$sql = " | $sql = " | ||
Line 48: | Line 53: | ||
$result = $db-> | $result = $db-> | ||
</ | </ | ||
+ | Note that the order of the bind variables in $bindVars must match the order of insertion into the SQL statement. Some databases use $bindVars as an associative array, but some discard the indexes and use $bindVars as a numeric array. | ||
+ | |||
**You should always perform sanity checks against data transmitted in from public facing websites.** | **You should always perform sanity checks against data transmitted in from public facing websites.** | ||
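Review bot: the added closing note ("Some databases use $bindVars as an associative array, but some discard the indexes and use $bindVars as a numeric array") leaves undocumented which ADOdb drivers fall back to positional binding, and that omission matters for the claim two lines above the snippet that the code "is compatible across all databases supported by ADOdb": that claim only holds if the keys in $bindVars are built in exactly the same order as the $col1Ph, $col2Ph and $col3Ph placeholders appear in $sql. Suggest naming the drivers that discard keys, and moving the ordering constraint from after the result line up to the sentence that introduces the snippet, so a reader who copies only the code block still sees it.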
v5/userguide/learn_bind/portability.txt · Last modified: 2020/12/30 21:29 by peterdd