
Bind variables in mysql_query statement

Mysql_query example:

$query=mysql_query("SELECT `col1`, `col2` FROM `table` WHERE
`col1`='$escapedvariable' ");

I know that this is not very good in practice.

Improved query using the prepare and execute command

$pSt = $dbh->prepare('SELECT col1, col2 FROM table WHERE col1=:col1');

$pSt->execute(array(':col1'=>$escapedvariable));

$status=$pSt->errorCode();

Question: Can I use mysql_query with related variables for added security?

+3
1 answer

No, you should use mysqli functions or PDO.

+4
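
The approach the answer recommends, as an added example that is not part of the original thread: the old mysql_* extension has no parameter-binding API, so the value has to be bound through PDO (or mysqli). The script uses an in-memory SQLite database as a stand-in for MySQL so it runs offline; the table name `items`, the rows and the input value are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL server; with MySQL
// only the DSN and credentials change. For pdo_mysql, also set
// PDO::ATTR_EMULATE_PREPARES to false so the server performs the binding.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly

// Constructed sample data; `items` is a hypothetical table name.
$dbh->exec('CREATE TABLE items (col1 TEXT, col2 TEXT)');
$dbh->exec("INSERT INTO items VALUES ('alice', 'row A'), ('bob', 'row B')");

// Constructed input containing a quote character and SQL syntax.
$input = "nobody' OR '1'='1";

// String-built query with no escaping: the input becomes part of the SQL
// text, so the quote ends the literal and the rest is parsed as SQL.
$interpolated = $dbh
    ->query("SELECT col1, col2 FROM items WHERE col1 = '$input'")
    ->fetchAll(PDO::FETCH_ASSOC);

// Prepared statement: the SQL text is fixed at prepare() time and the value
// is sent separately, so it can only ever be compared against col1 as data.
$pSt = $dbh->prepare('SELECT col1, col2 FROM items WHERE col1 = :col1');
$pSt->execute([':col1' => $input]);
$bound = $pSt->fetchAll(PDO::FETCH_ASSOC);

printf("interpolated query matched %d row(s)\n", count($interpolated));
printf("bound query matched %d row(s)\n", count($bound));

// A legitimate value goes through the same prepared statement unchanged.
$pSt->execute([':col1' => 'alice']);
printf("lookup of 'alice' returned col2 = %s\n", $pSt->fetchColumn(1));
```

Because the statement is prepared once and executed with different values, no escaping step is needed before binding.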

Source: https://habr.com/ru/post/1788673/

