Re: DB code

17 Oct 2005


      garaged wrote:
...
Not only attackable, but slower too, I think sprinf is still slower
than echo, but that can be tested for modern versions of PHP.
what you actually likely want to use is prepared queries .. then the 
database (or the emulation layer) will take care of combining the SQL 
with the data.
http://pear.php.net/manual/en/package.database.db.intro-execute.php
MDB2 works much in the same way. It just supports a wider range of 
datatypes. Also MDB2 supports Oracle style placeholders which are nice 
for readability:
SELECT surname, name, age
     FROM person
     WHERE name = :name AND age < :age
versus ? style
SELECT surname, name, age
     FROM person
     WHERE name = ? AND age < ?
regards,
Lukas

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: DB code