Difference between revisions of "PHP/MySQL"

From dbawiki

Revision as of 22:49, 30 December 2012

Using prepared statements to avoid SQL injection

// $db is an existing PDO connection; $userId and $yourHtmlData hold the values to insert.
// The SQL text is fixed here; the placeholders are filled in by the driver, not by string concatenation.
// `table` is a reserved word in MySQL, so it must be quoted with backticks if used literally as the table name.
$dbPreparedStatement = $db->prepare('INSERT INTO `table` (postId, htmlcontent) VALUES (:postid, :htmlcontent)');
// Bind each placeholder with an explicit type; the bound values can never change the statement's structure.
$dbPreparedStatement->bindParam(':postid', $userId, PDO::PARAM_INT);
$dbPreparedStatement->bindParam(':htmlcontent', $yourHtmlData, PDO::PARAM_STR);
$dbPreparedStatement->execute();
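As an added example (not code from the original wiki page), the following puts the string-concatenated query that prepared statements replace next to the parameterised version, and shows the PDO connection options that make the protection hold. The table name `posts`, the DSN, the credentials and the function names are assumptions for illustration only.

```php
<?php
// Added example, not from the original page. Table `posts`, DSN and
// credentials are placeholders.

// Throw on errors, and ask for real server-side prepares so the driver
// never falls back to building the SQL string on the client.
$dsn = 'mysql:host=localhost;dbname=example_db;charset=utf8mb4'; // assumed DSN
$db  = new PDO($dsn, 'app_user', 'app_password', [                // placeholder credentials
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// VULNERABLE (the "before"): user input is spliced into the SQL text, so the
// database cannot tell data apart from query structure.
function insertPostUnsafe(PDO $db, $postId, $html)
{
    $sql = "INSERT INTO posts (postId, htmlcontent) VALUES ($postId, '$html')";
    return $db->exec($sql);
}

// SAFE: the statement is parsed once with placeholders; values are sent
// separately and typed, exactly as in the snippet above.
function insertPostSafe(PDO $db, int $postId, string $html): bool
{
    $stmt = $db->prepare(
        'INSERT INTO posts (postId, htmlcontent) VALUES (:postid, :htmlcontent)'
    );
    $stmt->bindValue(':postid', $postId, PDO::PARAM_INT);
    $stmt->bindValue(':htmlcontent', $html, PDO::PARAM_STR);
    return $stmt->execute();
}

// The same pattern applies to WHERE clauses, where user input most often
// reaches a query.
function findPost(PDO $db, int $postId): ?array
{
    $stmt = $db->prepare(
        'SELECT postId, htmlcontent FROM posts WHERE postId = :postid'
    );
    $stmt->bindValue(':postid', $postId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Constructed sample input standing in for a submitted form.
$userSuppliedId   = $_POST['postId']  ?? '42';
$userSuppliedHtml = $_POST['content'] ?? '<p>Hello</p>';

// Validate the id as an integer before it goes anywhere near the query;
// FILTER_VALIDATE_INT returns false for anything that is not a whole number.
$postId = filter_var($userSuppliedId, FILTER_VALIDATE_INT);
if ($postId === false) {
    http_response_code(400);
    exit('postId must be an integer');
}

insertPostSafe($db, $postId, $userSuppliedHtml);
var_dump(findPost($db, $postId));
```

Two points the snippet alone does not show. First, placeholders only stand in for values: table and column names, ORDER BY targets and the like cannot be bound, so any of those that come from user input must be checked against an allow-list instead. Second, with `PDO::ATTR_EMULATE_PREPARES` left at its default the driver escapes values client-side, and that escaping is only correct if the connection charset (set here in the DSN) matches what the server expects; turning emulation off removes that dependency.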