// $pdo is an existing PDO connection; $_GET['id'] is untrusted request input.
// This is functionally equivalent...
$query = $pdo->query("SELECT foo FROM bar WHERE id = {$_GET['id']}");
$results = $query->fetchAll();
// To this
$query = $pdo->prepare("SELECT foo FROM bar WHERE id = :id");
$query->bindValue(':id', $_GET['id'], PDO::PARAM_INT);
$query->execute();
$results = $query->fetchAll();
// except the first one is not protected against sql injections at all
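The following is an added, self-contained demonstration (not part of the original paste) of why the two snippets differ under hostile input. It runs both forms against an in-memory SQLite database; the table, its rows and the simulated `$_GET['id']` value are constructed for the demo, and `fetchInterpolated` / `fetchPrepared` are names chosen here, not PDO API.

```php
<?php
// Added example: interpolated query vs. prepared statement under a tautology payload.
// Requires PHP with the pdo_sqlite extension; no database server is needed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // use real server-side binding

// Constructed schema and sample rows.
$pdo->exec('CREATE TABLE bar (id INTEGER PRIMARY KEY, foo TEXT NOT NULL)');
$pdo->exec("INSERT INTO bar (id, foo) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Simulated request parameter: a valid id with a tautology appended.
$_GET['id'] = '1 OR 1=1';

// Form 1 from the paste: the raw input becomes part of the SQL text,
// so "WHERE id = 1 OR 1=1" is true for every row.
function fetchInterpolated(PDO $pdo, string $id): array
{
    $query = $pdo->query("SELECT foo FROM bar WHERE id = {$id}");
    return $query->fetchAll(PDO::FETCH_COLUMN);
}

// Form 2 from the paste: the SQL text is fixed at prepare() time and the input
// travels as a bound value. The driver coerces it to an integer (SQLite's PDO
// driver takes the leading numeric prefix, here 1); it is never parsed as SQL,
// so at most the single row whose id equals the coerced value can match.
function fetchPrepared(PDO $pdo, string $id): array
{
    $query = $pdo->prepare('SELECT foo FROM bar WHERE id = :id');
    $query->bindValue(':id', $id, PDO::PARAM_INT);
    $query->execute();
    return $query->fetchAll(PDO::FETCH_COLUMN);
}

$interpolated = fetchInterpolated($pdo, $_GET['id']);
$prepared     = fetchPrepared($pdo, $_GET['id']);

printf("interpolated: %d row(s): %s\n", count($interpolated), implode(', ', $interpolated));
printf("prepared:     %d row(s): %s\n", count($prepared), implode(', ', $prepared));

// The property worth checking in a regression test: the bound form can never
// return more rows than the one id the caller named.
assert(count($interpolated) === 3);
assert(count($prepared) <= 1);
```

Exactly how a non-numeric string bound with `PDO::PARAM_INT` is coerced varies by driver and by whether prepares are emulated, so code that needs a guaranteed integer should validate the input (for example with `filter_var($id, FILTER_VALIDATE_INT)`) before binding rather than relying on the driver's coercion; the point the paste makes still holds in every case, since the bound value cannot alter the statement's structure.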