parameters in MySQLi #1
I'm using PHP with MySQLi, and I'm in a situation where I have queries like

SELECT $fields FROM $table WHERE $this=$that AND $this2=$that2


So far I've written some code that splices up an array that I give it, for example:

$search = array('name' => 'michael', 'age' => 20); // turns into
SELECT $fields FROM $table WHERE name=michael AND age=20


Is there a more efficient way to do this?

I'm rather worried about MySQL injections - this seems very vulnerable.
Thanks!

posted date: 2009-04-07 17:55:00


Re: parameters in MySQLi #2
I had made out the solution of this problem. Click to view my topic...

Hope that helps.

posted date: 2009-04-07 17:55:01


Re: parameters in MySQLi #3
Oddly enough, the title to your question is basically the answer to it. You want to do something like this, using mysqli parameterized queries:

$db = new mysqli(<database connection info here>);
$name = "michael";
$age = 20;
$stmt = $db->prepare("SELECT $fields FROM $table WHERE name = ? AND age = ?");
// "si": $name is bound as a string, $age as an integer
$stmt->bind_param("si", $name, $age);
$stmt->execute();
$stmt->close();

More information in the mysqli section of the manual, specifically the functions related to MySQLi_STMT.

Note that I personally prefer using PDO over mysqli; I don't like all the bind_param / bind_result stuff that mysqli does. If I have to use it I write a wrapper around it to make it work more like PDO.

posted date: 2009-04-07 18:02:00
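
Placeholders bind values only, so the `$fields`, `$table` and column-name parts of the queries in this thread still need an allowlist check before they are spliced into the SQL text. The following is an added example, not code from any poster in the thread: it builds the array-driven WHERE clause from the question with bound values and rejects unknown identifiers. `ALLOWED`, `build_select` and `run_select` are hypothetical names, and the `users` schema is assumed.

```php
<?php
// Added example. ALLOWED is an assumed schema, constructed for illustration.
const ALLOWED = ['users' => ['id', 'name', 'age']];

// Returns [sql, bind_param type string, values]. Identifiers must match the
// allowlist exactly; values never enter the SQL text, only the bound list.
function build_select(string $table, array $fields, array $search): array
{
    if (!array_key_exists($table, ALLOWED)) {
        throw new InvalidArgumentException("table not allowed: $table");
    }
    if ($fields === []) {
        throw new InvalidArgumentException('no fields requested');
    }
    foreach (array_merge($fields, array_keys($search)) as $col) {
        if (!in_array($col, ALLOWED[$table], true)) {
            throw new InvalidArgumentException("column not allowed: $col");
        }
    }
    $where = $values = [];
    $types = '';
    foreach ($search as $col => $value) {
        $where[] = "`$col` = ?";
        $types .= is_int($value) ? 'i' : (is_float($value) ? 'd' : 's');
        $values[] = $value;
    }
    $sql = 'SELECT `' . implode('`, `', $fields) . "` FROM `$table`";
    if ($where !== []) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, $types, $values];
}

// Prepare, bind and execute against an open connection.
function run_select(mysqli $db, string $table, array $fields, array $search): mysqli_stmt
{
    [$sql, $types, $values] = build_select($table, $fields, $search);
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    if ($values !== []) {
        $stmt->bind_param($types, ...$values);
    }
    $stmt->execute();
    return $stmt;
}
// Runs without a database: show what would be prepared and bound.
[$sql, $types, $values] = build_select('users', ['id', 'name'], ['name' => 'michael', 'age' => 20]);
echo $sql, "\n", $types, ' ', json_encode($values), "\n";
```

A search key such as `"age=20 OR 1"` fails the `in_array` check and raises an exception instead of reaching the query string.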

