
DB Class Prepare Method


How many MODDers here are opposed or against or not opposed and not against doing this?

        $insert = $this->db->prepare ("INSERT INTO
            tradeItems
            (
              TI_tradeID,
              TI_userID,
              TI_invIDs
            )
            VALUES
            (
             '" . $ID . "',
             '" . $this->user->info->U_id . "',
             '" . $invIDs . "'
            )"
            );
            
        $insert->execute();

 

Instead of binding every field.

$insert->bindData(":ID", $ID);

Etc., etc.


There's very little point in using prepared statements if you're not preparing them.
I'm definitely against this method

  • Like 2


I agree with @Magictallguy if you aren't using the prepared statements then just do a straight up query.

I typically don't prepare "safe" variables, like things directly pulled out of a database which have been correctly cast, but it's good practice to prepare everything just in case something slips through the gaps 🙂


I'm not familiar with PDO. Prepare secures data while query just queries whatever data?


No. Prepared Statements do not secure your data any more than a standard query would. It is on the developer (namely you) to use the functionality as intended.
The most obvious difference (when coding) between PDO and, say, MySQLi is that using Prepared Statements negates the requirement for escaping data.
Another benefit of PDO is that it isn't limited to the MySQL(i) driver; it can support 12 different DB drivers (at the time of writing) - which makes it highly adaptable and extensible.

Use either properly and you should be good to go.

  • Like 2
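
The difference discussed in this thread, as an added example that is not part of any post above: the concatenated `prepare()` from the first post next to the same insert with bound placeholders. It uses plain PDO (`bindValue`) against an in-memory SQLite database rather than the thread's own DB class, and the function names and sample values are assumptions made for the example.

```php
<?php
// Added example: in-memory SQLite stands in for the real database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tradeItems (TI_tradeID INTEGER, TI_userID INTEGER, TI_invIDs TEXT)');

// Pattern from the first post: values are concatenated into the SQL text,
// so prepare() receives them as part of the statement, not as data.
function insertConcatenated(PDO $db, $ID, $userID, $invIDs): string
{
    try {
        $insert = $db->prepare("INSERT INTO tradeItems (TI_tradeID, TI_userID, TI_invIDs)
            VALUES ('" . $ID . "', '" . $userID . "', '" . $invIDs . "')");
        $insert->execute();
        return 'ok';
    } catch (PDOException $e) {
        // The quote inside the value ended the string literal early.
        return 'SQL error: ' . $e->getMessage();
    }
}

// Bound form: the SQL text is fixed; values travel separately and are never parsed as SQL.
function insertBound(PDO $db, $ID, $userID, $invIDs): string
{
    $insert = $db->prepare('INSERT INTO tradeItems (TI_tradeID, TI_userID, TI_invIDs)
        VALUES (:tradeID, :userID, :invIDs)');
    $insert->bindValue(':tradeID', $ID, PDO::PARAM_INT);
    $insert->bindValue(':userID', $userID, PDO::PARAM_INT);
    $insert->bindValue(':invIDs', $invIDs, PDO::PARAM_STR);
    $insert->execute();
    return 'ok';
}

// Constructed sample values; the apostrophe is ordinary data, not an attack string.
$ID = 7;
$userID = 42;
$invIDs = "12,15,Dragon's Tooth";

echo 'concatenated: ', insertConcatenated($db, $ID, $userID, $invIDs), PHP_EOL;
echo 'bound:        ', insertBound($db, $ID, $userID, $invIDs), PHP_EOL;

// Only the bound insert stored a row, with the value kept verbatim.
foreach ($db->query('SELECT TI_invIDs FROM tradeItems') as $row) {
    echo 'stored: ', $row['TI_invIDs'], PHP_EOL;
}
```

The concatenated call fails on a harmless apostrophe because the value is parsed as SQL; that same parsing is what makes the pattern injectable when a value is user-controlled.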
