
rwhite35

Members
  • Posts

    159
  • Joined

  • Last visited

Contact Methods

  • Website URL
    http://www.octoberblue.net
  • Yahoo
    rwhite4166@yahoo.com

Profile Information

  • Gender
    Not Telling
  • Location
    Cleveland, Ohio
  • Interests
    Development, playing guitar, watching my boys play sports.

rwhite35's Achievements

Member

Member (2/5)

6

Reputation

  1. @mac_gyver, nice catch. I wasn't thinking mysqli! I've had inconsistent results when using a foreach loop to build the bindValue for $stmt objects. Specifically with OS X 10.10. Using the incrementor rather than foreach has solved the issue. Have you come across that situation before? Thanks,
  2. I use a similar algorithm but only with authenticated users (like an admin) and never with public facing pages... NEVER TRUST un-authenticated input. That said, here is how I programmatically create the binder for the placeholders.

         try {
             $stmt = $DB->prepare($query);
             // strict check so a scalar 0 or '' is still bound
             if ($bind !== null) {
                 if (is_array($bind)) {
                     // multiple binders: positional placeholders are 1-based
                     $cnt = count($bind);
                     $t = 1;
                     for ($i = 0; $i < $cnt; $i++) {
                         $stmt->bindParam($t, $bind[$i]);
                         $t++;
                     }
                 } else {
                     // single binder (scalar value)
                     $stmt->bindParam(1, $bind);
                 }
             }
             if ($stmt->execute()) {
                 while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
                     $this->result[] = $row;
                 }
                 return $this->result;
             } else {
                 throw new Exception("L63: Error on dbmanage::query execution.");
             }
         } catch (Exception $e) {
             error_log("Error on query method: " . $e->getMessage());
         }

     This line here

         $stmt->bindParam($t, $bind[$i]);

     is taking the bind array and applying a number placeholder to the binding; in effect it would be the same as typing

         $stmt->bindParam(1, $bind[0]);
         $stmt->bindParam(2, $bind[1]);
         $stmt->bindParam(3, $bind[2]);

     where $bind is an array of your form input. Also, make sure you sanitize everything. Good luck
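The positional binding loop described in the post above, as a self-contained added example (not rwhite35's code). The helper name `runPrepared`, the `users` table and its rows are hypothetical and constructed for the demo; it assumes the `pdo_sqlite` extension so it can run against an in-memory database.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: bind a scalar or a list of values to positional (?)
 * placeholders, execute, and return all rows.
 */
function runPrepared(PDO $db, string $sql, $bind = null): array
{
    // Normalise: a single scalar becomes a one-element list; array keys are discarded.
    $values = $bind === null ? [] : array_values((array) $bind);

    // Refuse to run when the value count does not match the placeholder count.
    // Simplification: this counts every '?', including any inside SQL string literals.
    if (substr_count($sql, '?') !== count($values)) {
        throw new InvalidArgumentException('placeholder/value count mismatch');
    }

    $stmt = $db->prepare($sql);
    foreach ($values as $i => $value) {
        // PDO positions are 1-based. bindValue() copies the value at bind time;
        // bindParam() binds a reference that is only read when execute() runs.
        $type = is_int($value) ? PDO::PARAM_INT
              : (is_bool($value) ? PDO::PARAM_BOOL
              : ($value === null ? PDO::PARAM_NULL : PDO::PARAM_STR));
        $stmt->bindValue($i + 1, $value, $type);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$db->exec("INSERT INTO users (name, role) VALUES ('alice','admin'), ('bob','editor')");

$sql = 'SELECT id, name FROM users WHERE name = ? AND role = ?';

// Normal lookup: two values for two placeholders.
var_dump(count(runPrepared($db, $sql, ['alice', 'admin'])));

// Constructed hostile form value: bound as data, it is compared literally
// against the name column and cannot change the statement's structure.
var_dump(count(runPrepared($db, $sql, ["alice' OR '1'='1", 'admin'])));

// Single scalar, matching the "single binder" branch in the post.
var_dump(runPrepared($db, 'SELECT name FROM users WHERE id = ?', 2));
```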