Prepared Statements



gazzieh
Forum Commoner
Posts: 40
Joined: Wed May 19, 2010 7:46 am

Post by gazzieh »

I have come across an issue with a site I have built and realised I need to use the addslash statement. However, whilst doing so I came across prepared statements.

I am interested in Prepared Statements from purely the security position alone but am having an issue understanding how to use them effectively.

I have the following code:

Code:

// Session values and $group are concatenated straight into the SQL text
$getUser = $loginConnector->query("SELECT * FROM ".$settings['tbl_users']." WHERE txtUser = '".$_SESSION['user']."' AND txtPassword = '".$_SESSION['pass']."' AND intGroup <= ".$group.' AND intActive = 1');
if ($loginConnector->getNumRows($getUser) > 0)

This is an example of one of the queries I would like to modify (where a user enters data that is used to either interrogate the Db or insert/update data). The $loginConnector is a class with a number of functions contained within (including the 'query' function given above). The first thing this class does is define the connection settings.

I am so confused I am unsure what question I have, but I suppose: do I set up all my relevant queries and prepare these when the site is first loaded, storing them for use by any loading page (and if so, how)? Or do I set up the Db connection every time I want to run the prepared query on each page?

Any good guide would be so gratefully received since unpicking all this work is making my head spin!
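The query in the post, rewritten as a prepared statement, as an added example that is not gazzieh's code and not from the $loginConnector class. It uses PDO rather than that class; the table name, column names and session keys are the ones from the post, and the demo data at the bottom is constructed in an in-memory SQLite database (assumes the pdo_sqlite extension) so the file runs on its own. Two points the example makes that the post's snippet cannot: a statement handle belongs to the database connection, and PHP tears the connection down at the end of each request, so statements are prepared on each page load rather than stored "when the site is first loaded"; and only values can be bound, never the table name, so $settings['tbl_users'] has to be checked against a fixed list instead.

```php
<?php
declare(strict_types=1);

// Look up an active user with the same conditions as the original query,
// but with every user-supplied value passed as a bound parameter.
function findActiveUser(PDO $pdo, string $table, string $user, string $pass, int $group): ?array
{
    // Identifiers cannot be placeholders, so the table name is accepted only
    // if it is one we know (assumption: adjust the list to the real schema).
    $allowedTables = ['tbl_users', 'users'];
    if (!in_array($table, $allowedTables, true)) {
        throw new InvalidArgumentException('unexpected user table name');
    }

    // Prepared once per request; the handle dies with the connection.
    $stmt = $pdo->prepare(
        "SELECT * FROM `$table`
          WHERE txtUser = :user
            AND txtPassword = :pass
            AND intGroup <= :grp
            AND intActive = 1"
    );

    // The values travel separately from the SQL text, so quotes or comment
    // markers inside them are never parsed as SQL; addslashes() is not needed.
    $stmt->bindValue(':user', $user, PDO::PARAM_STR);
    $stmt->bindValue(':pass', $pass, PDO::PARAM_STR);
    $stmt->bindValue(':grp', $group, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;   // null plays the role of getNumRows() == 0
}

// ---- Self-contained demo with constructed data (in-memory SQLite) ----
// For MySQL the DSN would be 'mysql:host=...;dbname=...;charset=utf8mb4' and
// PDO::ATTR_EMULATE_PREPARES should be set to false so the server does the preparing.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tbl_users (
    id INTEGER PRIMARY KEY, txtUser TEXT, txtPassword TEXT, intGroup INTEGER, intActive INTEGER)");

$ins = $pdo->prepare("INSERT INTO tbl_users (txtUser, txtPassword, intGroup, intActive) VALUES (?, ?, ?, ?)");
$ins->execute(["o'brien", 'secret', 1, 1]);   // a name with an apostrophe, active
$ins->execute(['alice', 'pw', 3, 0]);         // inactive account

// Stand-ins for the post's $settings, $_SESSION and $group (constructed values).
$settings = ['tbl_users' => 'tbl_users'];
$_SESSION = ['user' => "o'brien", 'pass' => 'secret'];
$group    = 2;

$row = findActiveUser($pdo, $settings['tbl_users'], $_SESSION['user'], $_SESSION['pass'], (int) $group);
var_dump($row !== null);   // bool(true): the apostrophe is data, not SQL syntax

// Inactive user is filtered out just as in the original query.
var_dump(findActiveUser($pdo, 'tbl_users', 'alice', 'pw', 5) === null);   // bool(true)
```

The same pattern applies to the insert and update queries mentioned in the post: the SQL text stays fixed, every value that comes from a form or the session goes through bindValue() or the array passed to execute(), and anything that has to be part of the SQL text itself (table or column names, ORDER BY direction) is checked against a fixed list before it is used.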