Re: [sqlite] deleting syntax w/ PHP's PDO
Hi Sam,

Although what you refer to applies more generally (e.g., the SQLite C API has support for it), in this case the best reference would be the PHP Manual's entry on the PDO extension:
http://www.php.net/manual/en/ref.pdo.php

In particular, read the section on "Prepared statements and stored procedures".

For further reading:
http://www.php.net/manual/en/function.PDO-prepare.php
http://www.php.net/manual/en/function.PDOStatement-bindParam.php

Regards,
Eugene Wee

Sam Carleton wrote:
> This might be a really basic question and it might be PHP related, not
> SQLite, I am not sure...
>
> I know that the traditional way to do a delete would be this:
>
> DELETE FROM users WHERE ipaddress = '192.168.1.1'
>
> But I have also seen syntax where the actual statement does NOT
> contain the '192.168.1.1' but rather a ? and then the value is set as
> a parameter on, in my case, PDO object. It is my understanding that
> using the ? is much more secure than the traditional way above. Where
> might I go to learn more about the ? way of doing a delete?
>
> Sam

___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] deleting syntax w/ PHP's PDO
On Feb 16, 2008 7:08 PM, Sam Carleton <[EMAIL PROTECTED]> wrote:
> This might be a really basic question and it might be PHP related, not
> SQLite, I am not sure...
>
> I know that the traditional way to do a delete would be this:
>
> DELETE FROM users WHERE ipaddress = '192.168.1.1'
>
> But I have also seen syntax where the actual statement does NOT
> contain the '192.168.1.1' but rather a ? and then the value is set as
> a parameter on, in my case, PDO object. It is my understanding that
> using the ? is much more secure than the traditional way above. Where
> might I go to learn more about the ? way of doing a delete?
>

It is not any more secure, just more foolproof. You don't have to worry about injection attacks and it might even be faster, especially if you re-use the statement.

--
Cory Nelson
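
The `?` form of the DELETE discussed in this thread, next to the string-built form, as an added example that is not part of the original messages. The in-memory database, the `users` columns, the sample rows and the `$input` value are constructed for the demonstration; `resetUsers` and `countUsers` are hypothetical helpers.

```php
<?php
// Added example (not from the thread): in-memory SQLite, constructed sample rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Hypothetical helper: rebuild the table so both variants start from the same data.
function resetUsers(PDO $db): void
{
    $db->exec('DROP TABLE IF EXISTS users');
    $db->exec('CREATE TABLE users (name TEXT, ipaddress TEXT)');
    // One prepared INSERT, re-used for every row.
    $ins = $db->prepare('INSERT INTO users (name, ipaddress) VALUES (?, ?)');
    foreach ([['alice', '192.168.1.1'], ['bob', '192.168.1.2'], ['carol', '192.168.1.3']] as $row) {
        $ins->execute($row);
    }
}

// Hypothetical helper: number of rows currently in users.
function countUsers(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn();
}

// Constructed value standing in for input the program does not control.
$input = "192.168.1.1' OR '1'='1";

// Traditional way: the value is pasted into the SQL text. The quote inside
// the value ends the string literal, so the rest is parsed as part of the
// WHERE clause and the condition matches every row.
resetUsers($db);
$deleted = $db->exec("DELETE FROM users WHERE ipaddress = '" . $input . "'");
printf("concatenated: %d deleted, %d left\n", $deleted, countUsers($db));

// The ? way: the statement text is fixed and the value is bound separately,
// so it is only ever compared against the ipaddress column as a string.
resetUsers($db);
$del = $db->prepare('DELETE FROM users WHERE ipaddress = ?');
$del->execute([$input]);
printf("bound, odd input: %d deleted, %d left\n", $del->rowCount(), countUsers($db));

// The same prepared statement is re-used with a different value.
$del->execute(['192.168.1.1']);
printf("bound, real address: %d deleted, %d left\n", $del->rowCount(), countUsers($db));
```

Running it needs PHP with the pdo_sqlite extension enabled.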
[sqlite] deleting syntax w/ PHP's PDO
This might be a really basic question and it might be PHP related, not SQLite, I am not sure...

I know that the traditional way to do a delete would be this:

DELETE FROM users WHERE ipaddress = '192.168.1.1'

But I have also seen syntax where the actual statement does NOT contain the '192.168.1.1' but rather a ? and then the value is set as a parameter on, in my case, PDO object. It is my understanding that using the ? is much more secure than the traditional way above. Where might I go to learn more about the ? way of doing a delete?

Sam