Home » Imported messages » comp.lang.php » PDO MySQL
Re: PDO MySQL [message #173232 is a reply to message #173215] Mon, 28 March 2011 16:17
Thomas Mlynarczyk
smerf wrote:

> $pole1 = $dbh->quote($pole1);
> $pole2 = $dbh->quote($pole2);
> $pole3 = $dbh->quote($pole3);
>
> $sql = 'UPDATE Tabela SET pole1 = $pole1, pole2 = $pole2 WHERE pole3 =
> $pole3';
> $dbh->query($sql)

You probably meant $sql = "..." (double quotes), otherwise $poleX will
not be replaced with that variable's value. In addition to what Jerry
wrote: You should really use prepared statements instead of manual quoting:

$sql = 'UPDATE Tabela SET pole1 = :pole1, pole2 = :pole2 WHERE pole3 = :pole3';
$query = $pdo->prepare( $sql );
$query->execute( array(
    'pole1' => $pole1, // no need for $pdo->quote( $poleX )
    'pole2' => $pole2,
    'pole3' => $pole3 ) );

This way you don't need to bother with the quoting and you are immune
against SQL injections.

Greetings,
Thomas


--
Just because many of them are wrong doesn't mean they're right!
(Coluche)
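
The four ways of building this UPDATE that come up in the thread, side by side, as an added example that is not part of the original post. It assumes an in-memory SQLite database through PDO so that it runs without a MySQL server; the table rows, the helpers resetTable and updateRow, and the input value are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for MySQL (assumption); rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Hypothetical helper: recreate the two-row sample table before each case.
function resetTable(PDO $pdo): void
{
    $pdo->exec('DROP TABLE IF EXISTS Tabela');
    $pdo->exec('CREATE TABLE Tabela (pole1 TEXT, pole2 TEXT, pole3 TEXT)');
    $pdo->exec("INSERT INTO Tabela VALUES ('a1', 'b1', 'k1'), ('a2', 'b2', 'k2')");
}

// Hypothetical helper: the prepared statement from the post, returning affected rows.
function updateRow(PDO $pdo, string $pole1, string $pole2, string $pole3): int
{
    $stmt = $pdo->prepare(
        'UPDATE Tabela SET pole1 = :pole1, pole2 = :pole2 WHERE pole3 = :pole3'
    );
    $stmt->execute(['pole1' => $pole1, 'pole2' => $pole2, 'pole3' => $pole3]);
    return $stmt->rowCount();
}

$pole3 = "k1' OR '1'='1";   // constructed input that contains SQL syntax

// 1. Single-quoted PHP string: no interpolation, the SQL text keeps the characters "$pole3".
$single = 'UPDATE Tabela SET pole1 = \'x\' WHERE pole3 = $pole3';
echo "single-quoted SQL still contains the variable name: ",
    var_export(strpos($single, '$pole3') !== false, true), "\n";

// 2. Double-quoted string with the raw value: the input becomes part of the SQL grammar.
resetTable($pdo);
$raw = $pdo->exec("UPDATE Tabela SET pole1 = 'x' WHERE pole3 = '$pole3'");
echo "raw interpolation, rows changed: $raw\n";

// 3. Same statement with $pdo->quote(): the value is escaped, but every value needs the call.
resetTable($pdo);
$quoted = $pdo->exec("UPDATE Tabela SET pole1 = 'x' WHERE pole3 = " . $pdo->quote($pole3));
echo "quote(), rows changed: $quoted\n";

// 4. Prepared statement: the value is bound as data and compared as one whole string.
resetTable($pdo);
echo "prepared, hostile key, rows changed: ", updateRow($pdo, 'x', 'y', $pole3), "\n";
echo "prepared, real key, rows changed: ", updateRow($pdo, 'x', 'y', 'k1'), "\n";
```

Comparing the row counts printed for cases 2 to 4 shows where the input is treated as SQL and where it is treated as a value.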