TalkPHP
Home Forums Articles Glossary Awards Register Rules Members Search Today's Posts Mark Forums Read
 
 
 
Account Login
Latest Articles
» The basic usage of PHPTAL, a XML/XHTML template library for PHP
by awuehr on 11-10-2008 in Tips & Tricks
» Vulnerable methods and the areas they are commonly trusted in.
by Village Idiot on 11-04-2008 in Classes & Objects
» Simple way to protect a form from bot
by codefreek on 10-23-2008 in Basic
» The Basics On: How Session Stealing Works
by wiifanatic on 09-12-2008 in Security & Permissions
» How to keep your forms from double posting data
by drewbee on 07-03-2008 in Tips & Tricks
IRC Channel
IRC Speech Bubble Join the friendly bunch on IRC...
(#TalkPHP on Freenode)

...Also available via a web interface.

See this thread for information on the TalkPHP Free Hugs Initiative™. Subject to availability.
Associates
Associates
CSS Tutorials
TalkPHP > Developer Forums > General » Escaping in PDO
Reply
 
LinkBack Thread Tools Search this Thread Display Modes
Old 11-22-2009, 05:58 AM   #1 (permalink)
The Contributor
 
Join Date: Feb 2007
Posts: 64
Thanks: 9
Killswitch is on a distinguished road
Default Escaping in PDO
I have a quick question about using PDO and escaping vars. I am new to PDO, so excuse me if this is kinda noobish of me...

I need to run an insert and I checked the manuals PDO->quote for escaping data in a query. It recommended using a prepared statement and binding params, so I am trying this method instead.

I have my prepare statement, params bound, but do I still need to escape the bound params now?

The vars are coming from a posted form. I *DID* have it setup for the I was manually assigning vars from the $_POST, with $db->quote, trim() and all that goodness, but then I remembered extract(), which quickly gave me my vars.

Just curious and was looking for a little insight to using PDO.
Killswitch is offline   		Reply With Quote
Old 11-22-2009, 10:15 AM   #2 (permalink)
The Acquainted
 
Join Date: Oct 2007
Posts: 170
Thanks: 18
maZtah is an unknown quantity at this point
Default
You should take a look at this article: http://www.phpro.org/tutorials/Intro...HP-PDO.html#10
maZtah is offline   		Reply With Quote
The Following User Says Thank You to maZtah For This Useful Post:
Killswitch (11-22-2009)
Old 11-22-2009, 05:11 PM   #3 (permalink)
The Contributor
 
Join Date: Feb 2007
Posts: 64
Thanks: 9
Killswitch is on a distinguished road
Default
Ah sweet, thanks, that seems like a great site. So I am gathering that using prepared statements escapes on the fly? Why didn't I find PDO earlier?
Killswitch is offline   		Reply With Quote
Reply

« Previous Thread | Next Thread »


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Escaping Metacharacters Orc General 22 05-07-2008 10:28 AM


All times are GMT. The time now is 02:12 AM.

 
     
Contact Us - TalkPHP - PHP Community - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0
Inactive Reminders By Icora Web Design