>---- Original Message ----
>From: Louis Huppenbauer <louis.huppenba...@gmail.com>
>To: php-general@lists.php.net
>Sent: Wed, Aug 31, 2011, 10:24 AM
>Subject: Re: [PHP] Re: mysqli sql question
>
>Hi there Richard
>
>It's part of the prepared statements
>http://php.net/manual/de/pdo.prepared-statements.php
>;)
>
>2011/8/31 Richard Riley <rile...@googlemail.com>
>
>> "Jen Rasmussen" <j...@cetaceasound.com> writes:
>>
>> > Peet,
>> >
>> > Could you do something like this instead? This is using named placeholders
>> > and a separate line for your statement
>> > but I was able to get it to echo the statement in this manner.
>> >
>> > $sql = "UPDATE table SET field1=:field1, field2=:field2 WHERE id=:id";
>> > $sth = $dbh->prepare($sql);
>> > $sth->execute(array(":field1"=>$field1,
>> >                     ":field2"=>$field2,
>> >                     ":id"=>$id));
>>
>> Hi Jen, could you point me to a document/man page for PHP which explains
>> that : notation in $sql= line please. I'm sure it's common to everyone
>> here but, well, I never saw it before ;(
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>

These are called SQL Parameters. It's recommended to use them since they help 
eliminate SQL Injections.
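
As an added illustration (not part of the original thread), the PHP below runs the named-placeholder UPDATE from Jen's message beside a string-concatenated version of the same statement, using an id value that carries SQL syntax. The `items` table, the in-memory SQLite database, the function names and the sample values are all constructed for this example, and it assumes the pdo_sqlite extension is available.

```php
<?php
// Added example: constructed table and values, in-memory SQLite through PDO.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Recreate the same three constructed rows before each run.
function resetTable(PDO $dbh): void {
    $dbh->exec("DROP TABLE IF EXISTS items");
    $dbh->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, field1 TEXT, field2 TEXT)");
    $dbh->exec("INSERT INTO items (id, field1, field2) VALUES (1,'a','b'), (2,'c','d'), (3,'e','f')");
}

// Unsafe: the values are pasted into the SQL text, so the database parses them as SQL.
function updateConcatenated(PDO $dbh, string $field1, string $field2, string $id): int {
    $sql = "UPDATE items SET field1='$field1', field2='$field2' WHERE id=$id";
    return $dbh->exec($sql);            // number of rows changed
}

// Safe: the SQL text is fixed; the values travel separately as bound parameters.
function updatePrepared(PDO $dbh, string $field1, string $field2, string $id): int {
    $sql = "UPDATE items SET field1=:field1, field2=:field2 WHERE id=:id";
    $sth = $dbh->prepare($sql);
    $sth->execute(array(":field1" => $field1, ":field2" => $field2, ":id" => $id));
    return $sth->rowCount();            // number of rows changed
}

$untrustedId = "1 OR 1=1";              // constructed input where a row id was expected

resetTable($dbh);
echo "concatenated, untrusted id: ", updateConcatenated($dbh, "x", "y", $untrustedId), " rows changed\n";

resetTable($dbh);
echo "prepared, untrusted id:     ", updatePrepared($dbh, "x", "y", $untrustedId), " rows changed\n";

// A value containing a quote needs no escaping when it is bound.
resetTable($dbh);
echo "prepared, id 2:             ", updatePrepared($dbh, "O'Brien", "y", "2"), " rows changed\n";
echo "stored field1 for id 2:     ", $dbh->query("SELECT field1 FROM items WHERE id=2")->fetchColumn(), "\n";
```

In the concatenated version the `OR 1=1` becomes part of the WHERE clause and the update reaches every row; in the prepared version the whole string is compared to `id` as a single value, so it matches nothing.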

