Jump to content

DB Class Prepare Method


Recommended Posts

How many MODDers here are opposed or against or not opposed and not against doing this?

        $insert = $this->db->prepare ("INSERT INTO
             '" . $ID . "',
             '" . $this->user->info->U_id . "',
             '" . $invIDs . "'


Instead of binding every field.

$insert->bindData(":ID", $ID);

ECT, ect

Link to comment
Share on other sites

I agree with @Magictallguy if you aren't using the prepared statements then just do a straight up query.

I typically don't prepare "safe" variables, like things directly pulled out of a database which have been correctly cast, but it's good practice to prepare everything just in case something slips through the gaps 🙂

Link to comment
Share on other sites

No. Prepared Statements do not secure your data any more than a standard query would. It is on the developer (namely you) to use the functionality as intended.
The most obvious difference (when coding) between PDO and, say, MySQLi is that using Prepared Statements negates the requirement for escaping data.
Another benefit of PDO is that it isn't limited to the MySQL(i) driver; it can support 12 different DB drivers (at the time of writing) - which makes it highly adaptable and extensible.

Use either properly and you should be good to go.

  • Like 2
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...