Here is an example of how to use PDO to take an input, force it to be an
integer, and fail if it isn't:

// DBH = database handler
// replace 'mysql' with 'sqlite' or 'mssql', you can also use 'pgsql'
// $host, $dbname, $user, and $pass are assumed to be defined beforehand
$DBH = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
// setting PDO to give you warnings but not necessarily die. Helpful for debugging
$DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);

// STMT = statement, like a MySQL statement
$STMT = $DBH->prepare('SELECT bar FROM foo WHERE number = :userNum');
$STMT->setFetchMode(PDO::FETCH_ASSOC); // return an associative array
// $userNum is set when you get the input from the form submit, whether GET, POST, etc.
$STMT->bindParam(':userNum', $userNum, PDO::PARAM_INT);
$STMT->execute(); // runs the query but I think it only returns a bool
// actually gets your results. If you only expect one row, just use fetch instead of fetchAll
$results = $STMT->fetchAll();


Further Reading:
On your HTML form, you can use the input type of 'number' to have your
browser force only numbers (I think integers specifically, but could be
wrong). You could also run some JS to remove any non-numerical input from
the field. That's a whole other beast.

Links to helpful information
http://us2.php.net/manual/en/book.pdo.php
http://us3.php.net/manual/en/pdo.constants.php
http://php.net/manual/en/ref.pdo-pgsql.connection.php
http://code.tutsplus.com/tutorials/why-you-should-be-using-phps-pdo-for-database-access--net-12059


On Thu, May 29, 2014 at 8:11 AM, Michael Torrie <[email protected]> wrote:

> On 05/29/2014 04:52 AM, Dan Egli wrote:
> > Great, what's PDO? Realize that I've not used any web language since
> HTML4
> > and PHP4. So now that both are in version 5 I'm catching up from far
> > behind. Got a good URL to describe how to use PDO in PHP, as well as what
> > the heck PDO is?
>
> You mentioned before that your internet access is restricted.  Are you
> able to use google at all?  Just wondering because a quick search could
> answer your questions rather handily.
>
> https://php.net/manual/en/book.pdo.php
>
> > Of course I wouldn't be using mysqli_* functions because of the fact that
> > the back-end database isn't mysql. But the point is well made. :)
>
> PDO lets you use a common object class to create and manipulate
> connections to any database PDO has a database driver for.  SQLite,
> PostgreSQL, MariaDB, etc.
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>
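
Added example (not part of the original message or thread): the same query with the form input validated by filter_var before it is bound with PDO::PARAM_INT, so a non-integer value is rejected in PHP code before the query runs. It assumes the pdo_sqlite driver and an in-memory SQLite database; the function name findBar, the table contents and the sample inputs are constructed for illustration.

```php
<?php
// Hypothetical helper: validate the raw input, then bind it as an integer.
function findBar(PDO $dbh, $rawInput): array
{
    // FILTER_VALIDATE_INT returns false for values such as "2abc", "1.5" or "".
    $userNum = filter_var($rawInput, FILTER_VALIDATE_INT);
    if ($userNum === false) {
        throw new InvalidArgumentException('number must be an integer');
    }

    $stmt = $dbh->prepare('SELECT bar FROM foo WHERE number = :userNum');
    // bindValue copies the validated integer; PARAM_INT tells the driver its type.
    $stmt->bindValue(':userNum', $userNum, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample database so the example runs offline.
$dbh = new PDO('sqlite::memory:');
// Throw exceptions on database errors instead of emitting warnings.
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE foo (number INTEGER, bar TEXT)');
$dbh->exec("INSERT INTO foo (number, bar) VALUES (1, 'one')");
$dbh->exec("INSERT INTO foo (number, bar) VALUES (2, 'two')");

// Constructed inputs standing in for $_GET / $_POST values.
foreach (['2', '2abc', '1.5', ''] as $input) {
    try {
        $rows = findBar($dbh, $input);
        echo var_export($input, true), ' -> ', json_encode($rows), "\n";
    } catch (InvalidArgumentException $e) {
        echo var_export($input, true), ' -> rejected: ', $e->getMessage(), "\n";
    }
}
```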
