postsql with placeholder for php

johnhelen
Forum Commoner
Posts: 45
Joined: Mon Feb 19, 2007 9:17 pm

postsql with placeholder for php

Post by johnhelen »

Hello

I have a simple query like:

$dbconn = pg_connect("dbname=abc user=abc");

// $id is interpolated straight into the SQL text; this is the part the question is about
$query = "SELECT * FROM subscriber where subscriber.id = $id";
$result = pg_exec($query);   // pg_exec() is the pre-4.2 name of pg_query()
...

It can be seen that I have $id in the query and this is not a good practice. I want to have a placeholder like this:

$query = "SELECT * FROM subscriber where subscriber.id = ?";

How can I rewrite the code above?

Many thanks

john
johnhelen
Forum Commoner
Posts: 45
Joined: Mon Feb 19, 2007 9:17 pm

The problem is

Post by johnhelen »

My problem is that I use very old versions of PHP and Postgres:
PHP: 4.1
Postgres: 7.2
So I cannot use the pg_prepare function.

Any suggestions?
Begby
Forum Regular
Posts: 575
Joined: Wed Dec 13, 2006 10:28 am

Post by Begby »

You can look into PEAR DB, as that should do that for you.

However, it is safe to put a variable in your query as long as you properly escape your variables. You will just need to do it manually.
johnhelen
Forum Commoner
Posts: 45
Joined: Mon Feb 19, 2007 9:17 pm

Thanks but

Post by johnhelen »

Hello
> it is safe to put a variable in your query as long as you properly escape your variables

How can I do that? I want to avoid the SQL injection problem.

Thanks
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

johnhelen
Forum Commoner
Posts: 45
Joined: Mon Feb 19, 2007 9:17 pm

Post by johnhelen »

> pg_escape_string() possibly.

This function is for PHP >= 4.2.
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

It is recommended that you upgrade your PHP version, if at all possible. PHP4 will not be actively supported for very much longer.

Try addslashes().
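The rewrite the question asks for, plus the manual-escaping route the replies suggest, as an added example that is not code from anyone in this thread. It assumes the subscriber table and the "dbname=abc user=abc" connection from the first post, and a hypothetical email column for the string case; the column is an integer id, so on PHP 4.1 a cast is enough.

```php
<?php
// Added example (not from the thread): three ways to keep a user-supplied value
// from being interpreted as SQL, chosen by PHP version. Connection string is
// the one from the original post.
$dbconn = pg_connect("dbname=abc user=abc");

// 1. Any PHP version, including 4.1: an integer column needs no quoting, only a
//    cast. (int) reduces "5 OR 1=1" to 5, so only a number can reach the query.
function fetch_subscriber_by_id($dbconn, $id)
{
    $id  = (int) $id;
    $sql = "SELECT * FROM subscriber WHERE subscriber.id = $id";
    return pg_query($dbconn, $sql);   // pg_exec() on PHP < 4.2
}

// 2. PHP >= 4.2: manual escaping for string values. pg_escape_string() applies
//    PostgreSQL's own quoting rules (addslashes() does not know them); the
//    caller still has to add the surrounding single quotes. The 'email' column
//    is hypothetical.
function fetch_subscriber_by_email($dbconn, $email)
{
    // The connection argument exists since PHP 5.2; on 4.x pass only $email.
    $safe = pg_escape_string($dbconn, $email);
    $sql  = "SELECT * FROM subscriber WHERE subscriber.email = '$safe'";
    return pg_query($dbconn, $sql);
}

// 3. PHP >= 5.1: real placeholders ($1, $2, ...). Values travel separately from
//    the SQL text, so no escaping is needed and the server only ever sees them
//    as data. This is what "subscriber.id = ?" from the question becomes.
function fetch_subscriber_param($dbconn, $id)
{
    $sql = 'SELECT * FROM subscriber WHERE subscriber.id = $1';
    return pg_query_params($dbconn, $sql, array($id));
}

// Constructed usage: the id arrives from the request, as in the original query.
$res = fetch_subscriber_param($dbconn, $_GET['id']);
while ($row = pg_fetch_assoc($res)) {
    print_r($row);
}
```

On PHP 4.1 only the first function is available; it already removes the injection risk for this particular query because the value is forced to an integer before it is concatenated.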