In Magento, how can I write prepared statements using core_resource?

I am writing my own update requests, for example:

$upd = Mage::getSingleton('core/resource')->getConnection('core_write')->query($qry);

But with that, I mostly write insecure regular SQL queries. What can I change in the code above to use prepared instructions?

1 answer

If you want to associate the parameters that I think you have in mind, you can do this as usual with PDO and then pass an array of parameters as the second argument to the request method.

See this similar question: Using Magento Methods to Write Paste Queries with Care in SQL Injection

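The approach in the answer above, as an added example that is not part of the original thread: values are passed in the second argument of query() instead of being concatenated into the SQL string. It assumes a Magento 1 installation with the script run from the Magento root; the table my_module_item, its columns and the sample input values are hypothetical.

```php
<?php
// Added example, not code from the original post.
// Assumes a Magento 1 install; my_module_item and its columns are hypothetical.
require_once 'app/Mage.php';
Mage::app();

$resource = Mage::getSingleton('core/resource');
$write    = $resource->getConnection('core_write');
$table    = $resource->getTableName('my_module_item'); // hypothetical table

// Constructed sample input standing in for request data. The embedded quote
// would break (or alter) a query built by string concatenation.
$status = "on hold (customer's request)";
$itemId = '42';

// Pattern from the question: values concatenated into the SQL text.
// $write->query("UPDATE {$table} SET status = '{$status}' WHERE item_id = {$itemId}");

// Prepared form: "?" placeholders in the SQL, values in the second argument.
$stmt = $write->query(
    "UPDATE {$table} SET status = ? WHERE item_id = ?",
    array($status, (int) $itemId)
);
echo $stmt->rowCount(), " row(s) updated\n";

// Adapter helper: update() binds the SET values itself, and the array form
// of the WHERE clause lets the adapter quote the value.
$write->update(
    $table,
    array('status' => $status),
    array('item_id = ?' => (int) $itemId)
);

// Placeholders cover values only. A column name chosen at runtime has to be
// checked against a fixed allowlist before it is put into the SQL text.
$allowed = array('status', 'updated_at'); // hypothetical columns
$column  = 'status';                      // constructed sample input
if (!in_array($column, $allowed, true)) {
    throw new InvalidArgumentException('Unexpected column name');
}
$write->query(
    'UPDATE ' . $table . ' SET ' . $write->quoteIdentifier($column)
        . ' = ? WHERE item_id = ?',
    array($status, (int) $itemId)
);
```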

Source: https://habr.com/ru/post/1526175/

