FUDforum: comp.lang.php

Home » Imported messages » comp.lang.php » PDO MySQL

Show: Today's Messages :: Polls :: Message Navigator

Re: PDO MySQL [message #173232 is a reply to message #173215]

Mon, 28 March 2011 16:17

Thomas Mlynarczyk
Messages: 131
Registered: September 2010

Karma:

Senior Member

smerf schrieb:

> $pole1 = $dbh->quote($pole1);
> $pole2 = $dbh->quote($pole2);
> $pole3 = $dbh->quote($pole3);
>
> $sql = 'UPDATE Tabela SET pole1 = $pole1, pole2 = $pole2 WHERE pole3 =
> $pole3';
> $dbh->query($sql)

You probably meant $sql = "..." (double quotes), otherwise $poleX will
not be replaced with that variable's value. In addition to what Jerry
wrote: You should really use prepared statements instead of manual quoting:

$sql = 'UPDATE Tabela SET pole1 = :pole1, pole2 = :pole2 WHERE pole3 =
:pole3';
$query = $pdo->prepare( $sql );
$query->execute( array(
'pole1' => $pole1, // no need for $pdo->quote( $poleX )
'pole2' => $pole2,
'pole3' => $pole3 ) );

This way you don't need to bother with the quoting and you are immune
against SQL injections.

Greetings,
Thomas

--
Ce n'est pas parce qu'ils sont nombreux à avoir tort qu'ils ont raison!
(Coluche)

Report message to a moderator

[Message index]

		PDO MySQL By: smerf on Mon, 28 March 2011 12:57
		Re: PDO MySQL By: Jerry Stuckle on Mon, 28 March 2011 13:47
		Re: PDO MySQL By: Thomas Mlynarczyk on Mon, 28 March 2011 16:17

Previous Topic:	Stats comp.lang.php (last 7 days)
Next Topic:	Failed @getimagesize() print to error_log?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sun Oct 20 00:21:18 GMT 2024

Total time taken to generate the page: 0.06072 seconds