MDanz Posted July 6, 2012 Share Posted July 6, 2012 The below prepared statement doesn't insert into the database. $sid =1; $sid2 = $GET['sid2']; //empty $position = 0; $name = "John"; $new = $connectdb->prepare("INSERT INTO `table1` VALUES ('',:sid,:sid2,:position,:name)"); $new->execute(array(':sid'=>$sid,':sid2'=>$sid2,':position'=>$position,':name'=>$name)); When i add quotations to execute array values, then the insert works. $new->execute(array(':sid'=>"$sid",':sid2'=>"$sid2",':position'=>"$position",':name'=>"$name")); What i want to know is by adding quotations does this affect PDO's sanitization? Link to comment https://forums.phpfreaks.com/topic/265291-php-pdo-execute-array-quotations/ Share on other sites More sharing options...
xyph Posted July 6, 2012 Share Posted July 6, 2012 You shouldn't have to add quotes... <?php try { $pdo = new PDO('mysql:host=localhost;dbname=db','root',''); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $val1 = 'foo'; $val2 = 'bar'; $q = 'INSERT INTO test (column1, column2) VALUES (:param1, :param2)'; $stmt = $pdo->prepare($q); $stmt->execute( array(':param1'=>$val1,':param2'=>$val2) ); } catch( PDOException $e ) { echo 'Error: '.$e->getMessage().'<br>'.$pdo->errorInfo(); } ?> Works fine for me. Link to comment https://forums.phpfreaks.com/topic/265291-php-pdo-execute-array-quotations/#findComment-1359588 Share on other sites More sharing options...
requinix Posted July 6, 2012 Share Posted July 6, 2012 PDO treats null values in PHP as NULL values in MySQL. Apparently the third column in that table doesn't allow for NULLs. (Or maybe there's a uniqueness constraint.) And yes, null. Because unless you defined a $GET array (coughunderscore) then $sid2 is null. Link to comment https://forums.phpfreaks.com/topic/265291-php-pdo-execute-array-quotations/#findComment-1359600 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.