Page 1 of 1

Safe way to execute insert and update using PDO

Posted: Thu Oct 30, 2008 12:09 pm
by ushtabalakh
I'm trying to write a function that I can use later to make safe insert and update calls using PDO's prepare functionality
This is what I have came up with so far

Code: Select all

function ExecuteQuery($query,$arrayOfValues){
    global $db;
    $del = $db->prepare($query);
    $del->execute($arrayOfValues);
    $count = $del->rowCount();  
    return $count;
}
I wish to use this function like this:

Code: Select all

 
$count = ExecuteQuery("insert into users (`verified`,`username`,`email`,`password`,`avatarid`,`homepage`,`lastlogin`,`sentitems`,`passworddate`,`title`,`allowedtosend`,`changePassKey`) values  (1, '?','?','?',0,'?',CURDATE(),0,CURDATE(),'',0,0",array( $username , $email , $password , $homepage ));
 
But it doesn't work, I receive 0 every time I run the function
What seems to be the problem?

Re: Safe way to execute insert and update using PDO

Posted: Fri Oct 31, 2008 7:34 am
by ushtabalakh
How do you guys perform a safe sql insert or update then? :crazy: