06-01-2012, 09:34 AM
#3
Ant

Yes, you could. I suppose that wasn't a very good example - binding the parameters prevents SQL injection, as the SQL and the parameters are sent to the database server separately.

You would usually be inputting information submitted by the user, so you would normally have to sanitize it, but with prepared statements you don't have to.

You would more likely use something like this for your parameters, where the variables are local copies from a global $_POST array.

PHP Code:
// Local copies of the submitted values (from the global $_POST array).
$user_input_string     = $_POST['message_id'] ?? '';
$user_input_string_two = $_POST['temperature'] ?? '';

// Named placeholders mapped to the raw user input. The values are bound,
// not interpolated into the SQL text, so no escaping is done here.
$params = array(
    ':message_id'  => $user_input_string,
    ':temperature' => $user_input_string_two,
);

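The injection that binding prevents, as an added example that is not part of Ant's post: the same lookup is run twice against an in-memory SQLite database, once with the input interpolated into the SQL string and once as a PDO prepared statement using the `$params` array from the post. The table `readings`, its columns, its rows and the two `$user_input_*` values are constructed for this example; the variables stand in for the `$_POST` copies mentioned above.

```php
<?php
// Added example, not code from the original post. Table, rows and the
// "user input" are constructed here so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE readings (message_id TEXT, temperature TEXT)');
$pdo->exec("INSERT INTO readings VALUES ('m1', '21.5'), ('m2', '19.0')");

// Hostile input, as it might arrive in $_POST['message_id'].
$user_input_string     = "' OR '1'='1";
$user_input_string_two = '21.5';

// Vulnerable: the input becomes part of the SQL text. The leading quote
// closes the literal and the trailing OR clause is true for every row.
$sql = "SELECT * FROM readings WHERE temperature = '$user_input_string_two'"
     . " AND message_id = '$user_input_string'";
$rows = $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
echo "Interpolated query returned " . count($rows) . " row(s)\n";

// Safe: the SQL text is fixed at prepare() time; the values are passed
// separately and are only ever compared as data, never parsed as SQL.
$stmt = $pdo->prepare('SELECT * FROM readings'
                    . ' WHERE temperature = :temperature AND message_id = :message_id');
$params = array(
    ':message_id'  => $user_input_string,
    ':temperature' => $user_input_string_two,
);
$stmt->execute($params);
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo "Prepared statement returned " . count($rows) . " row(s)\n";
```

With the interpolated query the WHERE clause parses as `(temperature = '21.5' AND message_id = '') OR '1'='1'`, so every row comes back; the prepared statement looks for a message_id whose literal value is the string `' OR '1'='1` and matches nothing. One caveat for MySQL users: the PDO MySQL driver emulates prepares client-side by default, so the separation Ant describes only holds on the wire if you set `PDO::ATTR_EMULATE_PREPARES` to false (the emulated path still quotes the values, but it is the driver doing the escaping rather than the server receiving them separately).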