How to use prepared statements (named parameters) in a PHP class
Posted by Mohamed Adib Errifai on Stack Overflow
Published on 2012-10-03T13:46:06Z
This is my first post here. I've searched the site, but unfortunately found no matches. Anyway, I want to know how to use named parameters in a class. The basic PDO form is something like:
$query = $bdd->prepare('SELECT * FROM table WHERE login = :login AND pww = :pww');
$query->execute(array('login' => $login, 'pww' => $pww));
and I want to integrate this into a class regardless of the number of parameters. Currently, I have this code
and for parameters, I use something like (which is wrong and vulnerable to injection):
require_once 'classes/Mysql.class.php';
$mysql = new Mysql();
$sql = 'SELECT * FROM articles WHERE id = '.$_GET['id'].' LIMIT 1';
$data = $mysql->select($sql);
And thanks.
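One way to do what the question asks, as an added example that is not part of the original post: a `select()` method that takes the SQL with named placeholders plus an array of any number of parameters, shown against the same `articles` query. The constructor signature, the `articles` columns and the in-memory SQLite database used for the demo are assumptions made so the example runs on its own.

```php
<?php
// Added example: hypothetical rework of the Mysql class used in the question.
// Constructor signature and demo database are assumptions, not the poster's code.
class Mysql
{
    private PDO $pdo;

    public function __construct(PDO $pdo)
    {
        $this->pdo = $pdo;
        // Fail loudly instead of returning false on SQL errors.
        $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }

    /** Run a SELECT with any number of named parameters; returns all rows. */
    public function select(string $sql, array $params = []): array
    {
        $stmt = $this->pdo->prepare($sql);
        foreach ($params as $name => $value) {
            // Pick an explicit PDO type so integers are not bound as strings.
            $type = is_int($value) ? PDO::PARAM_INT
                  : (is_null($value) ? PDO::PARAM_NULL : PDO::PARAM_STR);
            // Accept both 'id' and ':id' as array keys.
            $stmt->bindValue(':' . ltrim((string) $name, ':'), $value, $type);
        }
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Constructed demo data (assumes the pdo_sqlite extension is loaded).
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO articles (title) VALUES ('first'), ('second')");

$mysql = new Mysql($pdo);
// The SQL text is constant; user input only ever travels as a bound value.
$sql = 'SELECT * FROM articles WHERE id = :id LIMIT 1';

// Constructed stand-ins for $_GET['id']: a normal value and a tampered one.
foreach (['2', '2 OR 1=1'] as $input) {
    // The whole string is compared as a single value, never parsed as SQL.
    $rows = $mysql->select($sql, ['id' => $input]);
    printf("%-10s => %d row(s)\n", $input, count($rows));
}
```

The same method covers the login query from the post by passing `array('login' => $login, 'pww' => $pww)` as the second argument.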
© Stack Overflow or respective owner