Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

dbf2mysql parameter, WWWXXXAPC, wwwxxxAPC, How to unsubscrube from dategen spam, docmd.close 2585, WWWXXXDOCO, nu vot, dhcpd lease file "binding state", WWWXXXDOCO, how to setup procmail to process html2text

Links

XODOX
Impressum

#1: mysqld bind_param

Posted on 2007-11-21 13:34:59 by steffen haugk

Hi there,
I would like to do a bind_param, the problem is I don't know the names
of the fields in advance, or in fact how many fields I will be setting.

Look at this example code (from
<http://php.oregonstate.edu/manual/en/function.mysqli-stmt-bind-param.p
hp>)

$stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?,
?,?)");$stmt->bind_param('sssd', $code, $language, $official,
$percent);

I can build the prepare string alright, But what about the second line?

Of course I can build up the actual SQL query string like so:

$stmt = "INSERT INTO CountryLanguage VALUES (".$code.",
".$language.",".$official.", ".$percent.")";

Because of SQL injection that doesn't seem to be a good idea. What
should I do?

Cheers, Steffen


--

I'm trying a new usenet client for Mac, Nemo OS X.
You can download it at http://www.malcom-mac.com/nemo

Report this message