Re: Design Pattern to keep a connection opened?

John R Pierce Sun, 06 Nov 2011 00:17:27 -0700

On 11/05/11 11:59 PM, Brandon Phelps wrote:

$local_db->do("SELECT insert_message(" . $local_db->quote($field1). ", " . $local_db->quote($field2) . ", " . $local_db->quote($field3). ", " . $local_db->quote($field4) . ")");}

btw, thats a rather poor way of passing arguments to SQL. you shouldinstead use a prepared statement with parameters for your passed arguments.


    $st = $local_db->prepare("SELECT insert_message(?, ?, ?, ?)")
                or die $local_db->errstr;
       $results = $st->execute($field1, $field2, $field3, $field4)
                or die $st->errstr;

cleaner, easier to read, far less likely to get nailed with SQLInjection. PLUS we're catching errors.




--
john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast

Re: Design Pattern to keep a connection opened?

Reply via email to