php - Is this code safe against mysql injections? -

- 

$stmt_update = $db->prepare("update 2_1_journal set recordday = ?,  number = ? "); $stmt->execute(array($amount1, $date_day1));

is safe against mysql injections?

if safe, understand because of "= ?". question how "= ?" works/helps

question because here http://php.net/manual/en/pdo.prepare.php written

prepared statements project sql injection if use bindparam or bindvalue option.

for example if have table called users 2 fields, username , email , updates username might run

update `users` set `user`='$var'

where $var user submitted text.

now if did

<?php $a=new pdo("mysql:host=localhost;dbname=database;","root",""); $b=$a->prepare("update `users` set user='$var'"); $b->execute(); ?>

and user had entered user', email='test test injection occur , email updated test user being updated user.

in code (above) there no bindparams , no bindvalue. not know if safe , if yes, part of code ensures it. please, advice

update

after reading how can prevent sql injection in php? have got 1 more question

does code 

$stmt = $pdo->prepare('select * employees name = ?'); $stmt->execute(array($name));

the same this?

$stmt = $pdo->prepare('select * employees name = :name'); $stmt->execute(array(':name' => $name));

if yes, seems better use first code because shorter?

yes, prepared statements safe inject attacks long there no logical flaws, such using name = '?'.

bindparam helpful when want bind different datatypes; such string, integer etc in query. eg:

$stmt = $pdo->prepare('select * employees myid = ?'); $stmt->bindparam( 1, $id, pdo::param_int ); $stmt->execute();

Comments

Post a Comment

Popular posts from this blog

Perl - how to grep a block of text from a file -

-
it can in xml or text format. how in general grep block of text in perl? <track type="ws"> <range> <rangestart>0</rangestart> <rangeend>146.912</rangeend> <locationindex>0</locationindex> <propertyindex>0</propertyindex> </range> </track> <track type="ps" id="1"> <range> <rangestart>0</rangestart> <rangeend>146.912</rangeend> <locationindex>1</locationindex> <propertyindex>1</propertyindex> </range> </track> i want grep type="ps" , till </range> . one solution open file, read line line , match block. open(fh, "file.txt"); foreach $line (<fh>) { if ($line =~ m/type="cc"(.*?)<\/range>/) { print $1; } } but there more optimal solution without reading file line l
Read more

delphi - How to remove all the grips on a coolbar if I have several coolbands? -

-
Image
if set mycoolbar.fixedorder true,only grip on first band hidden. well,if use delphi 7 create vcl forms application,then put coolbar on , create 3 coolbans hold other controls,only grip , top coolbands can hidden setting mycoolbar.fixedorder:=true. i've uploaded picture make things clear. you got fixedorder property wrong. fixed property not allow bands rearranged if set true . setting property of coolbar true keep user changing bands order @ runtime, user can still move , resize bands. can give advice can do, actual solution problem, well, have wait answer. my advice use 3 coolbars in row , setting "fixedorder" property true , bandborderstyle bsnone . way grip hidden on of them. about property, it's not bug of ide, actual preference of property.
Read more

javascript - Animating array of divs; only the final element is modified -

-
this baffling me @ moment. i'm experienced programmer looking throw bit of surprise fiancee on countdown page our wedding. desired effect simulated confetti falling behind main page. setup follows: i have array of divs in javascript. each div absolutely positioned on page. have interval set updates every 50 or milliseconds. on each tick, run loop on array of divs, , calculations , update positions. problem problem having, however, though can see divs created, stored array, , modified (in case, each has slight randomized rotation) during initialization phase, once tick update position starts, div stored in whatever last slot of array gets position updated. tried hard-coding each div index testing purposes, strictly last element update position. upon printing current "left" , "top" style values each div before , after calculations shows value has been changed, no visible change noticeable. here's basic code: javascript var container;
Read more