Eiolon Posted September 24, 2011

I am starting to learn PDO by re-writing one of my existing scripts. Do I still need to validate $_GET or does PDO do the work for me?

Currently I am using:

    $id = $_GET['id'];
    $sth = $dbh->prepare('DELETE FROM van_reservations WHERE id = :id');
    $sth->bindParam(':id', $id, PDO::PARAM_INT);
    $sth->execute();

I used to validate by using this:

    $id = isset($_GET['id']) && is_numeric($_GET['id']) ? (int) $_GET['id'] : 0;

premiso Posted September 24, 2011

You should still validate the data, especially if you want to give useful errors to people. You just won't need to escape the data, as the prepared statement (bindParam) handles that for you.
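
The split described in the answer above, as an added example that is not part of the original thread: validation decides whether the request makes sense and produces the error message, while the bound parameter keeps the value out of the SQL text. The table name and `:id` placeholder come from the question; `parseId()`, `deleteReservation()`, the in-memory SQLite database and the sample inputs are assumptions made for the demo.

```php
<?php
// Added example; parseId() and deleteReservation() are hypothetical helpers.

/** Return a positive integer id, or null when the raw value is not one. */
function parseId($raw): ?int
{
    if (!is_string($raw)) {      // parameter absent, or array input such as ?id[]=1
        return null;
    }
    // '1e3' and '5.5' pass is_numeric() but are not integer ids;
    // FILTER_VALIDATE_INT rejects them, and min_range rejects 0 and negatives.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Validate first (useful error), then let the prepared statement carry the value. */
function deleteReservation(PDO $dbh, $raw): string
{
    $id = parseId($raw);
    if ($id === null) {
        return 'invalid id';     // no query is sent for bad input
    }
    $sth = $dbh->prepare('DELETE FROM van_reservations WHERE id = :id');
    $sth->bindValue(':id', $id, PDO::PARAM_INT);
    $sth->execute();
    return $sth->rowCount() === 1 ? "deleted $id" : "no reservation $id";
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE van_reservations (id INTEGER PRIMARY KEY)');
$dbh->exec('INSERT INTO van_reservations (id) VALUES (1), (2), (3)');

// Constructed stand-ins for $_GET['id'] (null means the parameter is absent).
foreach (['2', '2', '1e3', '3abc', '-1', ['1'], null] as $raw) {
    printf("%-8s => %s\n", json_encode($raw), deleteReservation($dbh, $raw));
}
```

The second `'2'` shows why `rowCount()` is worth checking: the statement runs without error even when no row matched.
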
Eiolon Posted September 24, 2011

Thanks