|
|
Posted by Malcolm Dew-Jones on 11/04/05 19:58
rjames.clarke@gmail.com wrote:
: What is "bind the statement to the value". What is bind?
bind variables
oracle examples
http://www.oracle.com/ technology/ pub/ articles/
oracle_php_cookbook/ ullman_bindings.html
mysql via mysqli (look for "bind")
http://ca.php.net/mysqli
mysql without mysqli
<quote>
Andy Hassall
Sep 6, 2:28 pm show options
...
I recommend using the ADOdb library
(http://adodb.sourceforge.net/).
</quote>
Haven't used that myself yet, and I plan on trying it the next time I have
a reason sicne it sounds like a thin wrapper to add this very useful
functionality.
OT: the mysql escape should make anything _safe_, including things that
you hope to be number, so I still don't quite see the need for intval.
# ESCAPE == the mysql function the name of which I may have wrong
$maybe_a_number = ESCAPE($the_input_data);
$sql = "select * from T1 where the_number = $maybe_a_number";
# that should be _safe_, but should also generate an sql error if
# the number is not valid. It will also accept whatever syntax and
# automatic conversions are supported by the database, so if your
# database can handle human readable input like "1,234,456.9", or
# 99,9 (where comma is the decimal point) then
# so can your application.
I'm not sure why it would be bad to allow the database to validate your
input anyway. You will be expecting it to to other validations, such as
"duplicate key", and in something like Oracle, any number of other
database enforced constraints.
--
This programmer available for rent.
Navigation:
[Reply to this message]
|