On Apr 15, 3:10 pm, [EMAIL PROTECTED] (Robert Roggenbuck)
wrote:
> $sth->{Statement} returns the prepared statement. Using this as a base
> You can get the used values in a HashRef by $boundParams =
> $sth->{ParamValues} after an execute. I did not used it before ... but
> it should work.
>
> Regards
>
> Robert
>
> aspiritus schrieb:
>
> > Hello all experts !
>
> > I need to log every INSERT, UPDATE and DELETE queries even when using
> > placeholders. Here some code:
>
> > $sql = "UPDATE users SET `name`=? WHERE ìd`=1;";
> > $sth = $dbh->prepare($sql);
> > $sth->execute('Test User');
> > $sth->finish();
>
> > Of course execute params are given dynamically and I want to use
> > placeholders for more secure code.
> > I want to save that UPDATE query into file or database ( I'll prefer
> > DB :) ) for tracking purposes. Any idea how to do this?
Thank you all for replays, here some thoughts:
I also want to record who did what and where, ex. who was the person
logged in and changed the username. This info is sent by HTTP_VARS on
each POST of form. My "log" contains these columns: id
(auto_increment), Name ( person who posted form), Timestamp,
Scriptname ( where form was posted),Sql ( actual query with
placeholders), Sql_values (executed values)
Keeping above in mind, Roberts idea makes sense and is best solution,
but I can't get $sth->{ParamValues} to work with mysql. $sth-
>{Statement} works just fine and I get column "Sql" populated.
