user198729
Reputation: 63626
How to change from mysql to pdo using prepared statements in PHP?
$dml = "insert into bookmark(accountId,category,url,hash,title,created) value($_SESSION[accountId],$_POST[category],'$_POST[url]',md5('$_POST[url]'),'$_POST[title]',now())";
mysql_query($dml,$con);
How do I do this statement using prepared statements in PDO?
Upvotes: 3
Views: 770
Answers (2)
Adrian
Reputation: 1402
$dml = "INSERT INTO bookmark (accountId, category, url, hash, title, created) "
. "VALUES (:accountId, :category, :url, MD5(:url), :title, NOW())";
$statement = $pdo->prepare($dml);
$parameters = array(
":accountId" => $_SESSION["accountId"],
":category" => $_POST["category"],
":url" => $_POST["url"],
":title" => $_POST["title"]);
$statement->execute($parameters);
Upvotes: 3
Brock Batsell
Reputation: 5803
$dml = $db->prepare("INSERT INTO bookmark (accountId, category, url, hash, title, created) VALUES (:account_id, :category, :url, MD5(:url), :title, NOW());");
$dml->bindParam(':account_id', $_SESSION['accountId']);
$dml->bindParam(':category', $_POST['category']);
$dml->bindParam(':url', $_POST['url']);
$dml->bindParam(':title', $_POST['title']);
$dml->execute();
Upvotes: 3