I am interested in Prepared Statements purely from the security position, but I am having an issue understanding how to use them effectively.
I have the following code:
```php
$getUser = $loginConnector->query("SELECT * FROM ".$settings['tbl_users']." WHERE txtUser = '".$_SESSION['user']."' AND txtPassword = '".$_SESSION['pass']."' AND intGroup <= ".$group.' AND intActive = 1');
if ($loginConnector->getNumRows($getUser) > 0)
```
I am so confused that I am unsure what my question is, but I suppose it is this: do I set up all my relevant queries and prepare them when the site is first loaded, storing them for use by any loading page (and if so, how)? Or do I set up the DB connection every time I want to run the prepared query on each page?
Any good guide would be so gratefully received since unpicking all this work is making my head spin!
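The same user lookup written as a prepared statement, as an added example that is not the poster's code and not from any particular guide. It uses PDO rather than the poster's `$loginConnector` wrapper, assumes a MySQL database with placeholder credentials, and keeps the poster's `$settings['tbl_users']`, `$_SESSION['user']`, `$_SESSION['pass']` and `$group` inputs. Table and column names cannot be bound as parameters, so the table name is checked against a whitelist (the `$allowedTables` list is an assumption) before it is put into the SQL text; every user-supplied value is a bound parameter.

```php
<?php
// Added example (not the original poster's code): the user lookup from the
// post as a PDO prepared statement. DSN and credentials are placeholders.
declare(strict_types=1);

function connect(): PDO
{
    return new PDO(
        'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
        'DB_USER_PLACEHOLDER',
        'DB_PASSWORD_PLACEHOLDER',
        [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false, // real server-side prepares
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]
    );
}

function findActiveUser(PDO $pdo, array $settings, string $user, string $pass, int $group): ?array
{
    // Identifiers cannot be parameters: the table name is whitelisted
    // (assumed list) before it is interpolated into the SQL text.
    $allowedTables = ['users', 'tbl_users'];
    $table = $settings['tbl_users'];
    if (!in_array($table, $allowedTables, true)) {
        throw new InvalidArgumentException('Unexpected users table name');
    }

    // The SQL text is fixed; user-controlled values only ever travel as
    // bound parameters, so quotes or SQL keywords in them stay data.
    $sql = "SELECT * FROM `{$table}`
            WHERE txtUser = :user
              AND txtPassword = :pass
              AND intGroup <= :grp
              AND intActive = 1";

    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':user', $user, PDO::PARAM_STR);
    $stmt->bindValue(':pass', $pass, PDO::PARAM_STR);
    $stmt->bindValue(':grp', $group, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Per-page usage: in PHP the connection and the prepared statement exist for
// this request only, so the statement is prepared where the query runs rather
// than once "when the site loads". Sample setting is constructed.
$settings = ['tbl_users' => 'tbl_users'];
$pdo  = connect();
$user = findActiveUser(
    $pdo,
    $settings,
    (string) ($_SESSION['user'] ?? ''),
    (string) ($_SESSION['pass'] ?? ''),
    (int) ($group ?? 0)
);
if ($user !== null) {
    // the user exists, is active and is within the allowed group
}
```

Two points the example makes concrete: preparing a statement is cheap and per-request, so there is nothing to "store for any loading page" beyond reusing one `$pdo` connection within a single request; and the parameter boundary covers values only, which is why the configurable table name still needs its own check. The query compares the session password with the stored column exactly as the original does; how passwords are stored is a separate matter from how the query is parameterised.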