
Binding parameters with PHP + MySQL

I recently read this article about [URL=http://it.slashdot.org/article.pl?sid=06/07/19/1213201]SQL injection attacks[/URL] on Slashdot, where in the comments it was recommended you should always bind parameters when taking user input for use in SQL.

After searching for a while I couldn’t find what this actually means, why to do it, and how to do it with PHP+MySQL. I wondered if anyone could help me?

Thanks, BestZest (Stuk)


2 Comments

@NogDog, Jul 19.2006 — It has to do with using prepared statements in MySQL, and is supported in the mysqli PHP methods/functions. See http://us3.php.net/manual/en/function.mysqli-stmt-bind-param.php, for example. (I've not worked with the mysqli methods due to my web host's configurations, so I don't have any more to say about it other than what you can find in the PHP manual.)
@BestZest (author), Jul 21.2006 — Okay, thanks very much. I'll have to have another look into it. Although I think I'll have the same problems with my host not having the mysqli module installed.
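
What binding a parameter with the mysqli functions mentioned in the thread looks like, as an added example that is not part of the original posts: the same lookup is written once by string concatenation and once with a prepared statement and `bind_param`. With the constructed input below, the concatenated query's WHERE clause becomes true for every row, while the bound query treats the whole input as one literal name and matches nothing. The connection details, the `users` table and both function names are assumptions made for the illustration.

```php
<?php
// Added example. Connection details and the users table are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

$db = new mysqli('localhost', 'demo_user', 'demo_pass', 'demo_db'); // placeholders
$db->set_charset('utf8mb4');

// Constructed sample data, visible only to this connection.
$db->query('CREATE TEMPORARY TABLE users (id INT PRIMARY KEY, name VARCHAR(50), email VARCHAR(100))');
$db->query("INSERT INTO users VALUES (1, 'alice', 'alice@example.com'), (2, 'bob', 'bob@example.com')");

// Without binding (for contrast): the input becomes part of the SQL text,
// so quote characters in it can change the structure of the query.
function findUserConcatenated(mysqli $db, string $name): array
{
    $sql = "SELECT id, email FROM users WHERE name = '" . $name . "'";
    $result = $db->query($sql);
    $rows = [];
    while ($row = $result->fetch_assoc()) {
        $rows[] = $row;
    }
    return $rows;
}

// With binding: the SQL text is fixed when the statement is prepared and the
// value for the ? placeholder is supplied separately, as data only.
function findUserBound(mysqli $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, email FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);   // types: s = string, i = integer, d = double, b = blob
    $stmt->execute();
    $stmt->bind_result($id, $email); // available without the mysqlnd driver
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ['id' => $id, 'email' => $email];
    }
    $stmt->close();
    return $rows;
}

$input = "x' OR '1'='1"; // constructed stand-in for a form field value

printf("concatenated: %d row(s)\n", count(findUserConcatenated($db, $input)));
printf("bound:        %d row(s)\n", count(findUserBound($db, $input)));
printf("bound, alice: %d row(s)\n", count(findUserBound($db, 'alice')));
```

Only values can be bound this way; table names, column names and SQL keywords cannot be placeholders, so those still need to come from a fixed list in the code.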