Cameron Swyft
Reputation: 458
Safest way of use of PDO
I'm a very "sketchy" person about security but I'm also a confusing person to understand when it comes to my logic of coding but.
What is the BEST absolute BEST method of doing prepared statements without having to bind every parameter and having to do anything else. Because in ADO I could simply do this
$stmt = $conn->execute("SELECT * FROM users WHERE username = $user AND password = $pass");
And then I could easily collect the field this way.
$stmt->fields['UID'];
I don't know how to do this in PDO but if I'm going to move to PDO I'd rather do it securely.
And my friend suggested I make a sanitization function? How would I go about this and is there any pre-made PHP sanitization functions that would be useful?
Upvotes: 0
Views: 28
Answers (1)
kylehyde215
Reputation: 1256
You don't have to manually bind each parameter one by one. This works:
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
$stmt->execute(array($user, $pass));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
echo $row['UID'];
Upvotes: 1
Related Questions
- Safe way to write a PDO query
- A safer PDO::prepare?
- PHP : Is really secure that using PDO? Even without old way sanitization or escape?
- how safe are PDO prepared statements
- What is the safest way to use PDO (in & outgoing data) in PHP 5.3
- PDO - connection - how to protect
- PDO::Prepare safety
- Wordpress $wpdb - Safest way to Query
- PHP PDO Security
- PDO and security