v5:userguide:learn_bind:portability
Differences
v5:userguide:learn_bind:portability [2017/05/17 20:24] – mnewnham | v5:userguide:learn_bind:portability [2020/12/30 21:29] (current) – fix variables peterdd | ||
---|---|---|---|
Line 14: | Line 14: | ||
$sql = " | $sql = " | ||
WHERE col1=$col1Ph | WHERE col1=$col1Ph | ||
- | AND col2=$col2ph | + | AND col2=$col2Ph |
AND col3=$col3Ph"; | AND col3=$col3Ph"; | ||
- | $result = $db-> | + | $result = $db-> |
</ | </ | ||
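Review bot: the rename from `$col2ph` to `$col2Ph` on the `AND col2=` line is the real fix in this hunk and deserves a fuller change summary than "fix variables": PHP variable names are case-sensitive, the placeholder assignments on this page use `$col2Ph`, so the old `$col2ph` was never assigned and interpolated into the double-quoted `$sql` string as an empty string, leaving `AND col2=` with no value and a query that fails at parse time instead of binding. The edit on the `$result = $db->` line is cut off in this rendering, so what changed there cannot be checked from what is shown.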
Line 31: | Line 31: | ||
===== Hardening SQL Statements Against Injection Attacks ===== | ===== Hardening SQL Statements Against Injection Attacks ===== | ||
- | In addition to portability, | + | In addition to portability, |
+ | |||
+ | The following code snippet is compatible across all databases supported by ADOdb | ||
<code php> | <code php> | ||
- | $bindVars = array($db-> | ||
- | $db-> | ||
- | $db-> | ||
$col1Ph = $db-> | $col1Ph = $db-> | ||
$col2Ph = $db-> | $col2Ph = $db-> | ||
$col3Ph = $db-> | $col3Ph = $db-> | ||
+ | |||
+ | |||
+ | $bindVars = array(' | ||
+ | ' | ||
+ | ' | ||
+ | |||
$sql = " | $sql = " | ||
WHERE col1=$col1Ph | WHERE col1=$col1Ph | ||
- | AND col2=$col2ph | + | AND col2=$col2Ph |
AND col3=$col3Ph"; | AND col3=$col3Ph"; | ||
- | $result = $db-> | + | $result = $db-> |
- | < | + | </code> |
+ | Note that the order of the bind variables in $bindVars must match the order of insertion into the SQL statement. Some databases use $bindVars as an associative array, but some discard the indexes and use $bindVars as a numeric array. | ||
**You should always perform sanity checks against data transmitted in from public facing websites.** | **You should always perform sanity checks against data transmitted in from public facing websites.** | ||
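Review bot: the new sentence "compatible across all databases supported by ADOdb" is stronger than the hunk's own closing note supports, since that note says some drivers discard the keys of `$bindVars` and treat it as a numeric array; the snippet is portable only when the order of entries in `$bindVars` matches the order of the placeholders in `$sql`, so that constraint should be stated before the code (or the "all databases" claim qualified), rather than left as an afterthought below it. The unchanged bold line about "sanity checks" is also too vague for a hardening section: bind variables stop user input from changing the structure of the statement, but they do not validate the values themselves, so say what the check is, for instance "validate the type, length and range of user-supplied values before binding them". The `$bindVars` keys and the `$db->` calls are truncated in this rendering and could not be reviewed.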
v5/userguide/learn_bind/portability.1495045473.txt.gz · Last modified: 2017/05/17 20:24 by mnewnham