I mean what does "->" mean?
Read up on objects.
Also: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers is a PDO tutorial.
I just wrote this new code using PDO to INSERT a query to the database.
Is this secure, or am I still at risk for SQL injection?
Have a look:
$stmt = $con->prepare("INSERT INTO pixs(title, Price, location, Description, picname, picname2, date, phonenumber, email) VALUES(:title, :Price, :location, :Description, :picname, :picname2, :date, :phonenumber, :email)");
$stmt->execute(array(':title' => $title, ':Price' => $price, ':location' => $location, ':Description' => $description, ':picname' => $picname, ':picname2' => $picname2, ':date' => $today, ':phonenumber' => $phonenumber, ':email' => $email));
Last edited by requinix; May 30th, 2013 at 02:27 PM.
Reason: code tags to avoid the emoticons
Almost: remove the : from your second line and you're there.
Also, it doesn't hurt to format things nicely:
The reusability comes in when you use the same $sql (you don't need to call prepare and get another PDOStatement object): all you do is rebuild $args with new values and run $stmt->execute($args); again.
$sql = "
    INSERT INTO pixs (
        title, Price, location, Description, picname, picname2, date, phonenumber, email
    ) VALUES (
        :title, :Price, :location, :Description, :picname, :picname2, :date, :phonenumber, :email
    )
";
$args = array(
    'title' => $title
    ,'Price' => $price
    ,'location' => $location
    ,'Description' => $description
    ,'picname' => $picname
    ,'picname2' => $picname2
    ,'date' => $today
    ,'phonenumber' => $phonenumber
    ,'email' => $email
);
$stmt = $con->prepare($sql);
$stmt->execute($args);
Last edited by Northie; May 30th, 2013 at 03:58 PM.
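The prepare-once, execute-many pattern from the reply above, as an added stand-alone example (not code posted in this thread). It uses the same pixs table and columns as the question, but runs against an in-memory SQLite database, and the two sample rows, including one whose title looks like an injection attempt, are constructed for the demonstration:

```php
<?php
// Added example, not code from the thread: the thread's INSERT prepared once and executed
// for several rows. SQLite in-memory so it runs offline; rows below are constructed data.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$con->exec("CREATE TABLE pixs (title TEXT, Price TEXT, location TEXT, Description TEXT,
            picname TEXT, picname2 TEXT, date TEXT, phonenumber TEXT, email TEXT)");

$sql = "
    INSERT INTO pixs (
        title, Price, location, Description, picname, picname2, date, phonenumber, email
    ) VALUES (
        :title, :Price, :location, :Description, :picname, :picname2, :date, :phonenumber, :email
    )";
$stmt = $con->prepare($sql);   // prepared once ...

$rows = [
    ['title' => 'Bike', 'Price' => '120', 'location' => 'Leeds',
     'Description' => "Owner's bike; 'quotes' and -- comments are plain data here",
     'picname' => 'a.jpg', 'picname2' => 'b.jpg', 'date' => '2013-05-30',
     'phonenumber' => '0123456789', 'email' => 'seller@example.com'],
    ['title' => "Lamp'); DROP TABLE pixs; --", 'Price' => '5', 'location' => 'York',
     'Description' => 'A hostile-looking string is stored verbatim, never parsed as SQL',
     'picname' => 'c.jpg', 'picname2' => '', 'date' => '2013-05-30',
     'phonenumber' => '', 'email' => 'buyer@example.com'],
];
foreach ($rows as $args) {
    $stmt->execute($args);     // ... executed many times with a rebuilt $args
}

// Check: both rows are present, the table still exists, and the hostile title
// was stored as a literal value. Values are bound here too, never concatenated.
$count = (int) $con->query("SELECT COUNT(*) FROM pixs")->fetchColumn();
$check = $con->prepare("SELECT title FROM pixs WHERE title = :title");
$check->execute(['title' => $rows[1]['title']]);
printf("%d rows; hostile title stored literally: %s\n",
       $count, $check->fetchColumn() !== false ? 'yes' : 'no');
```

Array keys work with or without the leading colon in PDO; what matters is that every user-supplied value travels through execute() and none is spliced into $sql.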
Being answered over here.
Originally Posted by phpnewbie34
June 27th, 2013, 04:50 AM
Least Privilege - Database account
Least Privilege - Process account
Cleaning and Validating input