Merge pull request #540 from aykutfarsak/patch-1

Update 07-03-01-Databases_PDO.md
Phil Sturgeon
2015-01-22 15:00:35 -05:00


@@ -50,7 +50,7 @@ FROM users` which will delete all of your users! Instead, you should sanitize th
<?php <?php
$pdo = new PDO('sqlite:/path/db/users.db'); $pdo = new PDO('sqlite:/path/db/users.db');
$stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id'); $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$id = filter_input(FILTER_GET, 'id', FILTER_SANITIZE_NUMBER_INT); // <-- filter your data first (see [Data Filtering](#data_filtering)), especially important for INSERT, UPDATE, etc. $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT); // <-- filter your data first (see [Data Filtering](#data_filtering)), especially important for INSERT, UPDATE, etc.
$stmt->bindParam(':id', $id, PDO::PARAM_INT); // <-- Automatically sanitized for SQL by PDO $stmt->bindParam(':id', $id, PDO::PARAM_INT); // <-- Automatically sanitized for SQL by PDO
$stmt->execute(); $stmt->execute();
{% endhighlight %} {% endhighlight %}