Re: problem with serial
От | Raymond O'Donnell |
---|---|
Тема | Re: problem with serial |
Дата | |
Msg-id | 4F90688E.20804@iol.ie обсуждение исходный текст |
Ответ на | Re: problem with serial (Yvon Thoraval <yvon.thoraval@gmail.com>) |
Ответы |
Re: problem with serial
Re: problem with serial |
Список | pgsql-general |
On 19/04/2012 20:30, Yvon Thoraval wrote: > > > 2012/4/19 Raymond O'Donnell <rod@iol.ie <mailto:rod@iol.ie>> > > Or better still - and easier - use parametrised queries. > > > > Right it is easier something like : > $sql = "categories (idx, ctime, mtime, name) VALUES ( :idx, :ctime, > :mtime, :name);"; > $prep = $db->prepare($sql); > $prep->execute( array(':idx' => $_GET['idx'], ':ctime' => $ctime, > ':mtime' => $mtime, ':name' => $name)); > > no more need to $db->quote() in that case, as : > $name = $db->quote($name); > ??? > I mean, even if $name = "L'envers" ? (ie. with a ' in it ?) Yep - no need to worry about quoting if you use parameters - it's all done for you. It's also MUCH safer, as it makes SQL injection attacks much harder (if not impossible). Ray. -- Raymond O'Donnell :: Galway :: Ireland rod@iol.ie
В списке pgsql-general по дате отправления: