Hello
I have a simple query like:
$dbconn = pg_Connect("dbname=abc user=abc");
$query = "SELECT * FROM subscriber where subscriber.id = $id";
$result = pg_exec($query);
...
It can be seen that I have $id in the query and this is not a good practice. I want to have a placeholder like this:
$query = "SELECT * FROM subscriber where subscriber.id = ?";
How can I rewrite the code above?
Many thanks
john
postgresql with placeholder for php
The problem is
My problem is that I use a very old version of php and postgres
php: 4.1
postgres 7.2
So I cannot use pg_prepare function
Any suggestion??
Thanks but
Hello
> it is safe to put a variable in your query as long as you properly escape your variables
How can I do that? I want to avoid the SQL injection problem.
Thanks
- feyd
pg_escape_string() possibly.
It is recommended that you upgrade your PHP version, if at all possible. PHP4 will not be actively supported for very much longer.
Try addslashes().
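For the numeric `$id` case in the original question, an added example (not code from any poster in this thread) of emulating the `?` placeholder on a PHP version without pg_prepare by validating every value as a plain integer before it reaches the SQL string. The helper name `bind_int_params` is hypothetical, the sample inputs are constructed, and the template is assumed to contain no literal `?` inside quoted strings.

```php
<?php
// Added example: hypothetical helper, not part of the thread or of PHP itself.
// Replaces each ? in $sql with a validated non-negative integer literal.
// Returns the finished SQL string, or false when a value is not a plain
// integer or the number of values does not match the number of placeholders.
function bind_int_params($sql, $params)
{
    $parts = explode('?', $sql);
    if (count($parts) - 1 != count($params)) {
        return false;                 // placeholder/value count mismatch
    }
    $out = $parts[0];
    for ($i = 0; $i < count($params); $i++) {
        $value = (string) $params[$i];
        // Digits only, 1 to 18 of them; \z anchors at the true end of the
        // string so a trailing newline cannot slip through.
        if (!preg_match('/^[0-9]{1,18}\z/', $value)) {
            return false;             // reject instead of trying to "clean"
        }
        $out .= $value . $parts[$i + 1];
    }
    return $out;
}

$template = "SELECT * FROM subscriber WHERE subscriber.id = ?";

// Constructed sample inputs: one valid id and three that must be refused.
$samples = array('42', '42 OR 1=1', '42; DROP TABLE subscriber', '');
foreach ($samples as $id) {
    $query = bind_int_params($template, array($id));
    if ($query === false) {
        echo "rejected: [$id]\n";
    } else {
        // Only at this point is the string handed to pg_exec(), as in the
        // original post.
        echo "ok: $query\n";
    }
}
```

This covers integer values only; string values need database-aware escaping such as the pg_escape_string() mentioned above, and on PHP 5.1 or later pg_query_params() provides real placeholders.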