Hey guys

Slightly lost on how to do this one. I'm trying to make a function which will insert data into a MySQL table. But I'm trying to make it universal, so I can use the same function for any part of the application, so there's only one MySQL query I need to secure, rather than hundreds across the entire site.

I know how I can make it go to the right table and such, my problem is how do I make it add the array of values to insert, when I have no idea how long it will be?

Struggling to find a clear method online

This is going to make your security worse, not better, because generating entirely dynamic queries is a nontrivial task which has failed many times even in big projects.

My advice is: Just don't. If you find mysqli too cumbersome, switch to PDO.

> This is going to make your security worse, not better, because generating entirely dynamic queries is a nontrivial task which has failed many times even in big projects.
>
> My advice is: Just don't. If you find mysqli too cumbersome, switch to PDO.

My concern is simply the fact that a new security feature will come out, or something which you are advised to add. Like when mysqli was added and preparing statements (compared to just using escape string before). I could have potentially hundreds of queries to lock down instead of one.

What do you suggest in regards to that? 

mysqli was introduced 13(!) years ago, so it's not like they add a new feature every week. If you want your code to last many decades without ever being touched, web development isn't really the right industry.

The best you can probably do right now is use PDO. It's a universal database interface which covers all mainstream SQL systems, so it won't go away anytime soon.
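
The approach recommended in the replies above, as an added example that is not part of the thread: one fixed PDO prepared statement per operation, with values passed as parameters. The `users` table, its columns and the `addUser` helper are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not code from the thread. Table, columns and helper name are
// hypothetical; SQLite in memory stands in for MySQL so this runs offline.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
// For MySQL the DSN would be 'mysql:host=...;dbname=...;charset=utf8mb4', and
// PDO::ATTR_EMULATE_PREPARES should be set to false for server-side prepares.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// The SQL text is a constant: table and column names are written by the
// developer and never taken from input. Only the values travel as parameters.
function addUser(PDO $pdo, string $name, string $email): int
{
    $stmt = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $name, ':email' => $email]);
    return (int) $pdo->lastInsertId();
}

// Constructed hostile input: it is stored as data, not interpreted as SQL.
$id = addUser($pdo, "Robert'); DROP TABLE users;--", 'bob@example.test');

// Read the row back to confirm the string arrived intact and the table exists.
$check = $pdo->prepare('SELECT name FROM users WHERE id = ?');
$check->execute([$id]);
var_dump($check->fetchColumn());

// Why a "universal" insert is harder to secure: placeholders bind values only.
// A helper that builds
//   "INSERT INTO $table (" . implode(',', array_keys($data)) . ") ..."
// has to take table and column names from somewhere, and identifiers cannot
// be bound, so any name that originates from a request becomes SQL text.
```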
