
Can you spot the bugs? // Chapter #3 - Making it work


Octarine


I never ever said I wrote my own escaping function, I just said that using mysqli and binding the values will make you safe (if it's not, then please point me to some link, as I really don't find any info going against this):

http://php.net/manual/en/mysqli-stmt.bind-param.php

 

$stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
$stmt->bind_param('sssd', $code, $language, $official, $percent);

 

BTW, MySQL seems to be slowly getting deprecated, replaced by MySQLi or PDO.


Gaps indeed, I didn't remember that one, yes, it was in Zap indeed. Now I don't fully remember why I didn't use mysql_real_escape_string, could be that at that time one host was still not PHP 4.3 or newer? I don't remember, so I had to write one for that. I fully agree here with you, don't do it yourself, better use what the DB offers. And personally I would say better use MySQLi and bind_params instead of inserting the data in the query... Or even better switch to C# and use LINQ ;)

Anyhow thanks for coming back with that code, was totally gone from my memory I admit!

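Added example, not code from either poster: the difference both posts point at, shown as a lookup built by string concatenation next to the same lookup with a bound value. It assumes PDO with an in-memory SQLite database so it runs without a MySQL server; the table name is taken from the snippet above, while the rows, the input string and the two function names are constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite (assumption, so no MySQL server is needed).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE CountryLanguage (code TEXT, language TEXT, official TEXT, percent REAL)');

// Constructed rows; the last language name contains a quote on purpose.
$rows = [
    ['DEU', 'German', 'T', 91.3],
    ['BEL', 'Dutch', 'T', 59.2],
    ['GIN', "N'Ko", 'F', 0.1],
];

// Same shape as the INSERT in the post: four placeholders, values supplied separately.
$insert = $pdo->prepare('INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)');
foreach ($rows as $row) {
    $insert->execute($row);
}

// Constructed hostile input for the lookup.
$input = "x' OR '1'='1";

// Unsafe (hypothetical helper): the value is pasted into the SQL text,
// so its quote character ends the string literal and the rest is parsed as SQL.
function lookupConcatenated(PDO $pdo, string $language): array
{
    $sql = "SELECT code FROM CountryLanguage WHERE language = '" . $language . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe (hypothetical helper): the statement text is fixed and the value
// is sent as data, never parsed as part of the query.
function lookupBound(PDO $pdo, string $language): array
{
    $stmt = $pdo->prepare('SELECT code FROM CountryLanguage WHERE language = ?');
    $stmt->execute([$language]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Compare how many rows each variant returns for the same input,
// then confirm a legitimate value containing a quote still matches when bound.
printf("concatenated: %d row(s)\n", count(lookupConcatenated($pdo, $input)));
printf("bound:        %d row(s)\n", count(lookupBound($pdo, $input)));
printf("bound N'Ko:   %s\n", implode(',', lookupBound($pdo, "N'Ko")));
```

With mysqli the bound variant is the prepare / bind_param pair from the first post followed by `$stmt->execute()`.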
