The difference between passing a data type and executing an array without them

I just want to know if these 2 sets of code do the same or not, if there is no difference?

    $connect = new CONNECT();
    $sql = ("query here");
    $stmt = $connect->runQuery($sql);
    $stmt->bindParam(':sample', $_POST['sample'], PDO::PARAM_STR);
    $stmt->bindParam(':sample2', $_POST['sample2'], PDO::PARAM_STR);
    $stmt->bindParam(':sample3', $_POST['sample3'], PDO::PARAM_STR);
    $stmt->execute();

======================== And ========================

    $connect = new CONNECT();
    $sql = ("query here");
    $stmt = $connect->runQuery($sql);
    $stmt->execute(Array(
        ':sample1' => $_POST['sample'],
        ':sample2' => $_POST['sample2'],
        ':sample3' => $_POST['sample3']
    ));

FYI, both work just fine, just wanting to know if I get all the security benefits using one of them. Thanks.

+5
1 answer

By passing the parameters along with the $stmt->execute() method, all values in the array are passed as PDO::PARAM_STR to the statement with the $stmt->bindParam() function.

And with the $stmt->bindParam() function, you can define the data type passed along, using PDO::PARAM_*.

Read more about PDO::PARAM_

+5
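
The behaviour described in the answer, as an added example that is not part of the original question or answer: both styles send the input as bound data, and the only difference is the type the driver receives. It assumes the pdo_sqlite extension and uses a constructed in-memory table and a constructed input string in place of $_POST['sample'].

```php
<?php
// Added example: constructed table and values, in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed input containing SQL metacharacters, standing in for $_POST['sample'].
$input = "alice' OR '1'='1";

// Style 1: bindParam() with an explicit type (bound by reference, read at execute()).
$stmt = $pdo->prepare('SELECT COUNT(*) FROM users WHERE name = :sample');
$stmt->bindParam(':sample', $input, PDO::PARAM_STR);
$stmt->execute();
$matchesViaBind = (int) $stmt->fetchColumn();

// Style 2: array passed to execute(); every value is bound as PDO::PARAM_STR.
$stmt = $pdo->prepare('SELECT COUNT(*) FROM users WHERE name = :sample');
$stmt->execute([':sample' => $input]);
$matchesViaArray = (int) $stmt->fetchColumn();

// In both styles the quotes are compared as part of the name, never parsed as SQL,
// so the two counts are identical.
var_dump($matchesViaBind, $matchesViaArray);

// Where the styles differ: the type the database sees for a non-string value.
// SQLite's typeof() reports the storage class of the bound parameter.
$stmt = $pdo->prepare('SELECT typeof(:v)');
$stmt->execute([':v' => 5]);               // execute(array) binds as a string
$typeViaArray = $stmt->fetchColumn();

$stmt = $pdo->prepare('SELECT typeof(:v)');
$stmt->bindValue(':v', 5, PDO::PARAM_INT); // explicit integer binding
$stmt->execute();
$typeViaBind = $stmt->fetchColumn();

var_dump($typeViaArray, $typeViaBind);
```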

Source: https://habr.com/ru/post/1272126/