mirror of
https://github.com/dg/dibi.git
synced 2025-02-23 10:26:21 +01:00
readme: some minor corrections (#331)
This commit is contained in:
magikstm
David Grudl
parent
7e127f5914
commit
219882a962
@ -110,7 +110,7 @@ $ids = [10, 20, 30];
|
|||||||
$result = $database->query('SELECT * FROM users WHERE id IN (?)', $ids);
|
$result = $database->query('SELECT * FROM users WHERE id IN (?)', $ids);
|
||||||
```
|
```
|
||||||
|
|
||||||
**WARNING, never concencate parameters to SQL, the vulnerability would arise [SQL injection](https://en.wikipedia.org/wiki/SQL_injection)**
|
**WARNING: Never concatenate parameters to SQL. It would create a [SQL injection](https://en.wikipedia.org/wiki/SQL_injection)** vulnerability.
|
||||||
```
|
```
|
||||||
$result = $database->query('SELECT * FROM users WHERE id = ' . $id); // BAD!!!
|
$result = $database->query('SELECT * FROM users WHERE id = ' . $id); // BAD!!!
|
||||||
```
|
```
|
||||||
@ -147,7 +147,7 @@ $name = $database->fetchSingle('SELECT name FROM users WHERE id = ?', $id);
|
|||||||
|
|
||||||
### Modifiers
|
### Modifiers
|
||||||
|
|
||||||
In addition to the `?` wild char, we can also use modifiers:
|
In addition to the `?` wildcard char, we can also use modifiers:
|
||||||
|
|
||||||
| modifier | description
|
| modifier | description
|
||||||
|----------|-----
|
|----------|-----
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user