ADOdb

Database Abstraction Layer for PHP

User Tools

Site Tools

Trace: Debugging Connections Memcached Setup getInsertSql Creating A New Driver
v5:userguide:learn_bind:portability

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
v5:userguide:learn_bind:portability [2018/07/14 01:00] – [Hardening SQL Statements Against Injection Attacks] mnewnhamv5:userguide:learn_bind:portability [2020/12/30 21:29] (current) – fix variables peterdd
Line 14: Line 14:
 $sql = "SELECT * FROM some_table  $sql = "SELECT * FROM some_table 
                 WHERE col1=$col1Ph                  WHERE col1=$col1Ph 
-                  AND col2=$col2ph +                  AND col2=$col2Ph 
                   AND col3=$col3Ph";                   AND col3=$col3Ph";
-$result = $db->execute($sql,$bindVars);+$result = $db->execute($sql, $bindVars);
 </code> </code>
  
Line 49: Line 49:
 $sql = "SELECT * FROM some_table  $sql = "SELECT * FROM some_table 
                 WHERE col1=$col1Ph                  WHERE col1=$col1Ph 
-                  AND col2=$col2ph +                  AND col2=$col2Ph 
                   AND col3=$col3Ph";                   AND col3=$col3Ph";
-$result = $db->execute($sql,$bindVars);+$result = $db->execute($sql, $bindVars);
 </code> </code>
 Note that the order of the bind variables in $bindVars must match the order of insertion into the SQL statement. Some databases use $bindVars as an associative array, but some discard the indexes and use $bindVars as a numeric array. Note that the order of the bind variables in $bindVars must match the order of insertion into the SQL statement. Some databases use $bindVars as an associative array, but some discard the indexes and use $bindVars as a numeric array.
v5/userguide/learn_bind/portability.1531522816.txt.gz · Last modified: by mnewnham