All Questions

67
votes
5answers
7580 views

Can I mix MySQL APIs in PHP?

I have searched the net and so far what I have seen is that you can use mysql_ and mysqli_ together meaning: <?php $con=mysqli_connect("localhost", "root" ,"" ,"mysql"); if( mysqli_connect_errno(...
67
votes
2answers
3436 views

Cleansing User Passwords

How should I escape or cleanse user-provided passwords before I hash them and store them in my database? When PHP developers consider hashing users' passwords for security purposes, they often tend t...
188
votes
6answers
54792 views

Can PHP PDO Statements accept the table or column name as parameter?

Why can't I pass the table name to a prepared PDO statement? $stmt = $dbh->prepare('SELECT * FROM :table WHERE 1'); if ($stmt->execute(array(':table' => 'users'))) { var_dump($stmt->f...
17
votes
1answers
2912 views

My PDO Statement doesn't work

This is my PHP sql statement and it's returning false while var dumping $password_md5 = md5($_GET['password']); $sql = $dbh->prepare('INSERT INTO users(full_name, e_mail, username, password, passw...
482
votes
20answers
160876 views

Can I bind an array to an IN() condition?

I'm curious to know if it's possible to bind an array of values to a placeholder using PDO. The use case here is attempting to pass an array of values for use with an IN() condition. I'm not very goo...
342
votes
13answers
122127 views

mysqli or PDO - what are the pros and cons?

In our place we're split between using mysqli and PDO for stuff like prepared statements and transaction support. Some projects use one, some the other. There is little realistic likelihood of us ever...
510
votes
6answers
154788 views

Are PDO prepared statements sufficient to prevent SQL injection?

Let's say I have code like this: $dbh = new PDO("blahblah"); $stmt = $dbh->prepare('SELECT * FROM users where username = :username'); $stmt->execute( array(':username' => $_REQUEST['usernam...
46
votes
3answers
6484 views

Reference — frequently asked questions about PDO

What is this? This is a list of frequently asked questions regarding PHP Data Objects Why is this? As PDO has some features unknown to a regular PHP user, questions regarding prepared statements a...
94
votes
9answers
48102 views

How to apply bindValue method in LIMIT clause?

Here is a snapshot of my code: $fetchPictures = $PDO->prepare("SELECT * FROM pictures WHERE album = :albumId ORDER BY id ASC LIMIT :skip, :max"); $fetchPictures->bindValue(...
55
votes
4answers
29936 views

How to squeeze error message out of PDO?

I can't seem to get any error message from PDO: #$dbh->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING ); try { $sth = $dbh->prepare('@$%T$!!!'); print_r($sth); print_r($dbh->err...

Previous Next