Sim Posted June 14, 2020 Share Posted June 14, 2020 How many MODDers here are opposed or against or not opposed and not against doing this? $insert = $this->db->prepare ("INSERT INTO tradeItems ( TI_tradeID, TI_userID, TI_invIDs ) VALUES ( '" . $ID . "', '" . $this->user->info->U_id . "', '" . $invIDs . "' )" ); $insert->execute(); Instead of binding every field. $insert->bindData(":ID", $ID); ECT, ect Quote Link to comment Share on other sites More sharing options...
Magictallguy Posted June 15, 2020 Share Posted June 15, 2020 There's very little point in using prepared statements if you're not preparing them. I'm definitely against this method 2 Quote Link to comment Share on other sites More sharing options...
Dave Posted June 15, 2020 Share Posted June 15, 2020 I agree with @Magictallguy if you aren't using the prepared statements then just do a straight up query. I typically don't prepare "safe" variables, like things directly pulled out of a database which have been correctly cast, but it's good practice to prepare everything just in case something slips through the gaps 🙂 Quote Link to comment Share on other sites More sharing options...
Sim Posted June 15, 2020 Author Share Posted June 15, 2020 I'm not familiar with PDO. Prepare secures data while query just queries whatever data? Quote Link to comment Share on other sites More sharing options...
Magictallguy Posted June 15, 2020 Share Posted June 15, 2020 No. Prepared Statements do not secure your data any more than a standard query would. It is on the developer (namely you) to use the functionality as intended. The most obvious difference (when coding) between PDO and, say, MySQLi is that using Prepared Statements negates the requirement for escaping data. Another benefit of PDO is that it isn't limited to the MySQL(i) driver; it can support 12 different DB drivers (at the time of writing) - which makes it highly adaptable and extensible. Use either properly and you should be good to go. 2 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.