jeff_zucker
asked on
PHP PDO statements
Is there any risk in using integers (and other hardcoded variables) in PDO statements?
i.e.
$STH=$DBH->prepare("SELECT name FROM Employees WHERE active=1");
$STH->execute();
Seems like it would be a lot of hassle to write it like this:
$STH=$DBH->prepare("SELECT name FROM Employees WHERE active=:active_status");
$STH->execute(array(':active_status' =>1));
(Also, is my syntax ok in the 2nd example?)
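
Added example, not part of the original question or its answers: the two forms from the question run side by side against an in-memory SQLite database, followed by the case where binding actually matters, a value that comes from outside the program. It assumes the pdo_sqlite extension is enabled; the table contents and `$fromRequest` are constructed for illustration.

```php
<?php
// Constructed table and rows; in-memory SQLite so the script runs offline.
$DBH = new PDO('sqlite::memory:');
$DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$DBH->exec("CREATE TABLE Employees (name TEXT, active INTEGER)");
$DBH->exec("INSERT INTO Employees VALUES ('Ann', 1), ('Bob', 0), ('Cy', 1)");

// 1. Constant typed by the developer: the SQL text is fixed at write time,
//    so nothing at run time can alter the statement.
$STH = $DBH->prepare("SELECT name FROM Employees WHERE active=1 ORDER BY name");
$STH->execute();
$literal = $STH->fetchAll(PDO::FETCH_COLUMN);

// 2. The same constant passed as a named parameter (the question's 2nd form).
$STH = $DBH->prepare("SELECT name FROM Employees WHERE active=:active_status ORDER BY name");
$STH->execute(array(':active_status' => 1));
$bound = $STH->fetchAll(PDO::FETCH_COLUMN);

echo "literal and bound constant return the same rows: ";
var_dump($literal === $bound);

// 3. Value that arrives from outside the code (constructed stand-in for
//    request input). Concatenating it makes it part of the SQL text.
$fromRequest = "1 OR 1=1";
$unsafe = $DBH->query("SELECT name FROM Employees WHERE active=" . $fromRequest . " ORDER BY name")
              ->fetchAll(PDO::FETCH_COLUMN);

// Bound instead: the whole string is compared as one value, never parsed as SQL.
$STH = $DBH->prepare("SELECT name FROM Employees WHERE active=:active_status ORDER BY name");
$STH->bindValue(':active_status', $fromRequest, PDO::PARAM_STR);
$STH->execute();
$safe = $STH->fetchAll(PDO::FETCH_COLUMN);

echo "rows returned when the input is concatenated: " . count($unsafe) . "\n";
echo "rows returned when the input is bound: " . count($safe) . "\n";
```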
Glad to help; thanks for using E-E and best of luck with your project, ~Ray