Update 07-03-01-Databases_PDO.md

http://php.net/manual/en/function.filter-input.php
This commit is contained in:
Aykut Farsak
2015-01-22 12:00:32 +02:00
parent 2d3b4260dc
commit 0a78e24f3d


@@ -50,7 +50,7 @@ FROM users` which will delete all of your users! Instead, you should sanitize th
<?php <?php
$pdo = new PDO('sqlite:/path/db/users.db'); $pdo = new PDO('sqlite:/path/db/users.db');
$stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id'); $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$id = filter_input(FILTER_GET, 'id', FILTER_SANITIZE_NUMBER_INT); // <-- filter your data first (see [Data Filtering](#data_filtering)), especially important for INSERT, UPDATE, etc. $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT); // <-- filter your data first (see [Data Filtering](#data_filtering)), especially important for INSERT, UPDATE, etc.
$stmt->bindParam(':id', $id, PDO::PARAM_INT); // <-- Automatically sanitized for SQL by PDO $stmt->bindParam(':id', $id, PDO::PARAM_INT); // <-- Automatically sanitized for SQL by PDO
$stmt->execute(); $stmt->execute();
{% endhighlight %} {% endhighlight %}