From 918c2a085b93dfdb263e2a288e2d1b91b7c8c185 Mon Sep 17 00:00:00 2001
From: primitive-type
Date: Sun, 8 Jul 2012 22:12:14 -0500
Subject: [PATCH] Update PDO example to use INPUT_GET instead of FILTER_GET for the type parameter of the filter_input function. http://www.php.net/manual/en/function.filter-input.php
---
 _includes/databases.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/_includes/databases.md b/_includes/databases.md
index 8d8b4d9..d49271a 100644
--- a/_includes/databases.md
+++ b/_includes/databases.md
@@ -15,7 +15,7 @@ This is terrible code. You are inserting a raw query parameter into a SQL query.
 prepare('SELECT name FROM users WHERE id = :id');
- $stmt->bindParam(':id', filter_input(FILTER_GET, 'id', FILTER_SANITIZE_NUMBER_INT), PDO::PARAM_INT);
+ $stmt->bindParam(':id', filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT), PDO::PARAM_INT);
 $stmt->execute();
 This is correct code. It uses a bound parameter on a PDO statement. This escapes the foreign input ID before it is introduced to the database preventing potential SQL injection attacks.
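Review bot: The added line still hands the return value of `filter_input()` directly to `bindParam()`, whose second argument is taken by reference, so it needs a variable or the example should use `bindValue()` instead: `$stmt->bindValue(':id', filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT), PDO::PARAM_INT);`. `FILTER_VALIDATE_INT` rejects anything that is not an integer (the example would then need to handle a false/null result) rather than silently stripping characters the way `FILTER_SANITIZE_NUMBER_INT` does, which seems the better lesson for a snippet about handling foreign input. The trailing context sentence says the bound parameter "escapes" the input; a prepared statement keeps the value separate from the SQL text rather than escaping it, so the explanation would be more accurate as "keeps the foreign input ID separate from the query". The start of the code sample (the opening tag and the `$pdo`/`$stmt` setup before `prepare(`) appears to be lost in this rendering, so I cannot confirm the prepare line is intact.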