PHP/MySQL

From dbawiki

Revision as of 22:49, 30 December 2012 by Stuart (talk | contribs) (Created page with "===Using prepared statements to avoid SQL injection=== <pre> $dbPreparedStatement = $db->prepare('INSERT INTO table (postId, htmlcontent) VALUES (:postid, :htmlcontent)'); $db...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Using prepared statements to avoid SQL injection

$dbPreparedStatement = $db->prepare('INSERT INTO table (postId, htmlcontent) VALUES (:postid, :htmlcontent)');
$dbPreparedStatement->bindParam(':postid', $userId, PDO::PARAM_INT);
$dbPreparedStatement->bindParam(':htmlcontent', $yourHtmlData, PDO::PARAM_STR);
$dbPreparedStatement->execute();

Retrieved from "https://mailnest.com/dbawiki/index.php?title=PHP/MySQL&oldid=292"