Crazy Horse
asked on
Correct way to use WHERE with prepared statements
When updating a record with prepared statements, should I do this:
or:
$stmt = $link->prepare("UPDATE `db_users` SET `user_password` = ? WHERE `user_email` = ? AND `user_hash` = ?");
or:
$stmt = $link->prepare("UPDATE `db_users` SET `user_password` = ? WHERE `user_email` = '$get_email' AND `user_hash` = '$get_activecode'");
With named parameters the sequence of the binding calls does not matter.
Using password_hash is safe, because it uses a random salt.
ASKER
Ah, that would be helpful, not having to make sure the sequence doesn't matter. I'll try to move over to that once I get the hang of doing it normally. I don't want to change around too much just yet. Thanks for the info!
ASKER
I store my passwords using the PHP built-in 'password_hash' function. Not sure if that is what you mean?
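An added example, not part of the original thread: the UPDATE from the question written with PDO named parameters, with every value in SET and WHERE bound rather than interpolated, and the binding calls deliberately out of order. The table and column names come from the question; the in-memory SQLite database, the resetPassword() helper and all sample values are assumptions constructed so the script runs on its own.

```php
<?php
// Constructed demo data: in-memory SQLite stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE db_users (user_email TEXT, user_hash TEXT, user_password TEXT)');
$pdo->exec("INSERT INTO db_users VALUES ('alice@example.com', 'abc123', 'old')");
$pdo->exec("INSERT INTO db_users VALUES ('bob@example.com', 'def456', 'old')");

// Hypothetical helper: returns the number of rows the UPDATE changed.
function resetPassword(PDO $pdo, string $email, string $code, string $newPassword): int
{
    // Every value, in SET and in WHERE, is a placeholder; nothing is
    // concatenated into the SQL text.
    $stmt = $pdo->prepare(
        'UPDATE db_users SET user_password = :password
          WHERE user_email = :email AND user_hash = :code'
    );
    // Named placeholders are matched by name, so the bind order is free.
    $stmt->bindValue(':code', $code);
    $stmt->bindValue(':email', $email);
    $stmt->bindValue(':password', password_hash($newPassword, PASSWORD_DEFAULT));
    $stmt->execute();
    return $stmt->rowCount();
}

// Correct e-mail and activation code.
var_dump(resetPassword($pdo, 'alice@example.com', 'abc123', 'N3w-passphrase'));
// Activation code that belongs to a different user.
var_dump(resetPassword($pdo, 'alice@example.com', 'def456', 'other'));
// A value containing a quote is sent as data and cannot alter the statement.
var_dump(resetPassword($pdo, "o'brien@example.com", 'abc123', 'other'));

// The stored value is a salted hash; check it with password_verify().
$stored = $pdo->query(
    "SELECT user_password FROM db_users WHERE user_email = 'alice@example.com'"
)->fetchColumn();
var_dump(password_verify('N3w-passphrase', $stored));
```

Checking the returned row count lets the caller tell a successful reset from an e-mail and activation code pair that matched nothing.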