I mean what does "->" mean?
read up on objects.
also: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers is a PDO tutorial
I just wrote this new code using PDO to INSERT a query to the database.
Is this secure - or am I still at risk for SQL injections??
Have a look:
$stmt = $con->prepare("INSERT INTO pixs(title, Price, location, Description, picname, picname2, date, phonenumber, email) VALUES(:title, :Price, :location, :Description, :picname, :picname2, :date, :phonenumber, :email)");
$stmt->execute(array(':title' => $title, ':Price' => $price, ':location' => $location, ':Description' => $description, ':picname' => $picname, ':picname2' => $picname2, ':date' => $today, ':phonenumber' => $phonenumber, ':email' => $email));
Last edited by requinix; May 30th, 2013 at 02:27 PM. Reason: code tags to avoid the emoticons
almost, remove the : from your second line and you're there.
Also, it doesn't hurt to format things nicely:
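The re-usability comes in when you use the same $sql (you don't need to call prepare and get another PDOStatement object) - all you do is rebuild $args with new values and run $stmt->execute($args); again
PHP Code:
$sql = "
    INSERT INTO pixs (
        title, Price, location, Description, picname, picname2, date, phonenumber, email
    ) VALUES (
        :title, :Price, :location, :Description, :picname, :picname2, :date, :phonenumber, :email
    )
";
$args = array(
     'title' => $title
    ,'Price' => $price
    ,'location' => $location
    ,'Description' => $description
    ,'picname' => $picname
    ,'picname2' => $picname2
    ,'date' => $today
    ,'phonenumber' => $phonenumber
    ,'email' => $email
);
// Prepare once; for further rows, rebuild $args and call execute() again.
$stmt = $con->prepare($sql);
$stmt->execute($args);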
Last edited by Northie; May 30th, 2013 at 03:58 PM.
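The prepare-once, execute-many pattern discussed in the posts above, as an added example that is not part of the original thread. It assumes the pdo_sqlite extension and uses an in-memory SQLite database with a reduced three-column pixs table in place of the poster's MySQL setup; the sample rows are constructed.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// an in-memory SQLite database stands in for the poster's MySQL server.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver you would also turn off emulation so the server
// itself binds the parameters:
// $con->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Reduced version of the thread's pixs table (three of its columns).
$con->exec('CREATE TABLE pixs (title TEXT, Price TEXT, email TEXT)');

// Prepared once: the SQL text is fixed before any user data is seen.
$stmt = $con->prepare(
    'INSERT INTO pixs (title, Price, email) VALUES (:title, :Price, :email)'
);

// Constructed sample input; the second title is a classic injection string.
$rows = array(
    array('title' => 'Red bike', 'Price' => '40', 'email' => 'a@example.com'),
    array('title' => "x'); DROP TABLE pixs; --", 'Price' => '1', 'email' => 'b@example.com'),
);

// Reuse: only the bound values change between executions.
foreach ($rows as $args) {
    $stmt->execute($args);
}

// Check that the table survived and the hostile string was stored as plain data.
$count = (int) $con->query('SELECT COUNT(*) FROM pixs')->fetchColumn();
$check = $con->prepare('SELECT title FROM pixs WHERE email = :email');
$check->execute(array('email' => 'b@example.com'));
$stored = $check->fetchColumn();

var_dump($count === 2);
var_dump($stored === $rows[1]['title']);
```

Placeholders bind values only; a table or column name taken from user input cannot be bound this way and has to be checked against a fixed list before it goes into the SQL string.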