Hi there,
I was just looking at the PHP INSERT INTO example at the bottom of the tutorial page http://www.w3schools.com/sql/sql_injection.asp
The code shown is:-
1> $stmt = $dbh->prepare("INSERT INTO Customers (CustomerName,Address,City) VALUES (:nam, :add, :cit)");2> $stmt->bindParam(':nam', $txtNam);3> $stmt->bindParam(':val', $txtAdd);4> $stmt->bindParam(':cit', $txtCit);5> $stmt->execute();
Would this not return an error due to the mismatch between :add and :val in lines 1 and 3?
I'm not trying to find criticism, purely just trying to understand how to write safer code.
Many Thanks to all those involved in putting together and running w3school.