Eiolon Posted September 24, 2011

I am starting to learn PDO by re-writing one of my existing scripts. Do I still need to validate $_GET or does PDO do the work for me?

Currently I am using:

```php
$id = $_GET['id'];
$sth = $dbh->prepare('DELETE FROM van_reservations WHERE id = :id');
$sth->bindParam(':id', $id, PDO::PARAM_INT);
$sth->execute();
```

I used to validate by using this:

```php
$id = isset($_GET['id']) && is_numeric($_GET['id']) ? (int) $_GET['id'] : 0;
```

premiso Posted September 24, 2011

You should still validate the data, especially if you want to give useful errors to people. You just won't need to escape the data, as the prepared statement (bindParam) handles that for you.
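
The split described in the reply above, as an added example that is not part of the original thread: validation decides whether the request is well-formed and which message to show, while the bound parameter keeps the value out of the SQL text. The in-memory SQLite table, the helper names `parseReservationId` and `deleteReservation`, and the sample inputs are assumptions constructed for the illustration.

```php
<?php
// Added example: constructed table and rows in an in-memory SQLite database
// (needs the pdo_sqlite extension); the thread's real schema is not shown.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE van_reservations (id INTEGER PRIMARY KEY, name TEXT)');
$dbh->exec("INSERT INTO van_reservations (id, name) VALUES (1, 'a'), (2, 'b')");

// Hypothetical helper: returns [id, null] on success or [null, message] on failure.
function parseReservationId(array $query): array
{
    if (!isset($query['id']) || !is_string($query['id'])) {
        return [null, 'Missing reservation id.'];
    }
    // FILTER_VALIDATE_INT rejects "1.5", "1e3", "12abc" and out-of-range values.
    $id = filter_var($query['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [null, 'Reservation id must be a positive whole number.'];
    }
    return [$id, null];
}

// Hypothetical helper: validates first, then runs the thread's DELETE with a bound value.
function deleteReservation(PDO $dbh, array $query): string
{
    [$id, $error] = parseReservationId($query);
    if ($error !== null) {
        return $error; // validation failed: useful message, no query is run
    }
    $sth = $dbh->prepare('DELETE FROM van_reservations WHERE id = :id');
    $sth->bindValue(':id', $id, PDO::PARAM_INT); // bound value never becomes SQL text
    $sth->execute();
    // rowCount() separates "deleted" from "well-formed id, but no such row".
    return $sth->rowCount() === 1 ? "Deleted reservation $id." : "No reservation with id $id.";
}

// Constructed inputs standing in for $_GET.
$samples = [['id' => '1'], ['id' => '1e3'], ['id' => '2 OR 1=1'], ['id' => ['x']], [], ['id' => '99']];
foreach ($samples as $get) {
    echo json_encode($get), ' => ', deleteReservation($dbh, $get), PHP_EOL;
}
```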

Eiolon (Author) Posted September 24, 2011

Thanks

This topic is now archived and is closed to further replies.