Chatoxz
Reputation: 141
PDO execution and bindparam
If i do this:
$qry->execute(array($usuario,$pass));
instead of this:
$qry->bindParam(1, $usuario);
$qry->bindParam(2, $pass);
$qry->execute();
does this give a security problem?
Upvotes: 0
Views: 465
Answers (2)
zerkms
Reputation: 255005
Nope, they are semantically identical
And it's specified in the documentation
Execute the prepared statement. If the prepared statement included parameter markers, you must either:
call PDOStatement::bindParam() to bind PHP variables to the parameter markers: bound variables pass their value as input and receive the output value, if any, of their associated parameter markers
or pass an array of input-only parameter values
Upvotes: 6
Related Questions
- PDO bindParam vs. execute
- Is My PDO Prepared Statement Secure If I Bind The Parameters In The Execute Function?
- Concatenated dynamic PDO query safe from injection without bindparam
- Omitting bindParam with PDO is safe?
- using bindParam with PDO
- PHP PDO and bindParam()
- PDO execute($input_parameter) protects from sql injections as bindParam/bindValue?
- bindParam PDO PHP
- PDO and security
- Clarification on PDO and bindparam