How to use prepared statements (named parameters) in a PHP class

Posted by Mohamed Adib Errifai on Stack Overflow
Published on 2012-10-03T13:46:06Z Indexed on 2012/10/03 21:38 UTC

This is my first post here. I've searched the site, but unfortunately found no matches. Anyway, I want to know how to use named parameters in a class. The basic PDO form is something like:

$query = $bdd->prepare('SELECT * FROM table WHERE login = :login AND pww = :pww');
$query->execute(array('login' => $login, 'pww' => $pww));

And I want to integrate this into a class regardless of the number of parameters. Currently, I have this code:

http://pastebin.com/kKgSkaKt

And for parameters, I use something like this (which is wrong and vulnerable to injection):

require_once 'classes/Mysql.class.php';
$mysql = new Mysql();
$sql = 'SELECT * FROM articles WHERE id = '.$_GET['id'].' LIMIT 1';
$data = $mysql->select($sql);

And Thanks.
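
An added example, not part of the original post and not the code behind the pastebin link: one way a `select()` method can accept any number of named parameters and bind them instead of concatenating request input into the SQL. The `Mysql` class body, the `$requestId` variable and the in-memory SQLite database with its sample rows are assumptions made so the script runs offline; with MySQL only the DSN passed to `PDO` changes.

```php
<?php
// Hypothetical wrapper class written for this example.
class Mysql
{
    private PDO $pdo;

    public function __construct(PDO $pdo)
    {
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // MySQL: use native server-side prepares instead of emulation.
        $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
        $this->pdo = $pdo;
    }

    // $params is a name => value map; any number of entries is accepted.
    public function select(string $sql, array $params = []): array
    {
        $stmt = $this->pdo->prepare($sql);
        foreach ($params as $name => $value) {
            // Bind by PHP type so integers are not sent as strings.
            $type = is_int($value) ? PDO::PARAM_INT
                  : (is_bool($value) ? PDO::PARAM_BOOL
                  : (is_null($value) ? PDO::PARAM_NULL : PDO::PARAM_STR));
            $stmt->bindValue(':' . ltrim($name, ':'), $value, $type);
        }
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Constructed demo data (in-memory SQLite) so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO articles (title) VALUES ('first'), ('second')");

$mysql = new Mysql($pdo);
$sql = 'SELECT * FROM articles WHERE id = :id LIMIT 1';

// Constructed stand-in for $_GET['id']; cast because the column is an integer.
$requestId = '2';
var_dump($mysql->select($sql, ['id' => (int) $requestId]));

// Constructed hostile value: it is bound as data and never parsed as SQL.
var_dump($mysql->select($sql, ['id' => '1 OR 1=1']));
```

Only values can be bound this way; table names, column names and keywords such as `ORDER BY` direction still have to come from a fixed allow-list in the code.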

© Stack Overflow or respective owner
