This small and simple PHP file allows you to write queries with parameters.
There's a version for PHP 4 (mysql_*) and a version for PHP 5 (mysqli).
The source code is on GitHub.
Example usage, assuming the page was loaded with a query string like ?id=5:
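<?php
include_once '_mysql.php';
// The named parameter :id is filled from the array passed as the second argument
$records = db_select_param("SELECT id,first_name,last_name,phone FROM contact WHERE id=:id[i]", $_REQUEST);
if( empty($records) ) {
    // no matching contact: handle the empty result here
}
foreach($records as &$r) {
    $r['name'] = $r['first_name'] . " " . $r['last_name'];
}
unset($r); // drop the reference left behind by the by-reference foreach
?>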
NOTE: this example is only intended to illustrate how to use the mysql library; in practice you should validate your request parameters before passing them in any database query, even with named parameters.
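The validation the note above asks for could look like the following. This is an added example, not part of the library or the original page. The helper get_valid_id() is hypothetical, PHP 5.4 or later is assumed, and db_select_param() is assumed to accept an associative array keyed by parameter name, as its use with the request array above suggests.

```php
<?php
include_once '_mysql.php';

// Hypothetical helper (not part of _mysql.php): returns the id as a
// positive int, or null when it is missing, an array, or not a whole number.
function get_valid_id(array $source, $key = 'id')
{
    if (!isset($source[$key]) || is_array($source[$key])) {
        return null; // absent, or sent as ?id[]=... instead of a scalar
    }
    $id = filter_var(
        $source[$key],
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))
    );
    return ($id === false) ? null : $id;
}

// Read from $_GET only: $_REQUEST also merges POST data and, depending on
// the request_order setting, cookies, so the value's origin is ambiguous.
$id = get_valid_id($_GET);
if ($id === null) {
    http_response_code(400);
    exit('Invalid id');
}

// Pass only the validated value rather than the whole request array
// (assumption: the library looks parameters up by array key).
$records = db_select_param(
    "SELECT id,first_name,last_name,phone FROM contact WHERE id=:id[i]",
    array('id' => $id)
);
if (empty($records)) {
    http_response_code(404);
    exit('No such contact');
}

foreach ($records as &$r) {
    $r['name'] = $r['first_name'] . " " . $r['last_name'];
}
unset($r); // drop the reference left behind by the by-reference foreach
?>
```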