Posts posted by simun
Hi there,
I was just looking at the PHP INSERT INTO example at the bottom of the tutorial page http://www.w3schools.com/sql/sql_injection.asp
The code shown is:-
1> $stmt = $dbh->prepare("INSERT INTO Customers (CustomerName,Address,City) VALUES (:nam, :add, :cit)");
2> $stmt->bindParam(':nam', $txtNam);
3> $stmt->bindParam(':val', $txtAdd);
4> $stmt->bindParam(':cit', $txtCit);
5> $stmt->execute();
Would this not return an error due to the mismatch between :add and :val in lines 1 and 3?
I'm not trying to find criticism, purely just trying to understand how to write safer code.
Many thanks to all those involved in putting together and running w3schools.
Is it me or that SQL Injection example that's faulty?
in Suggestions
Posted
Thanks for replying
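The placeholder mismatch asked about above can be checked directly. This is an added example, not code from the original post or from w3schools: it assumes PHP with the pdo_sqlite extension and an in-memory database, the `insertCustomer` helper is hypothetical, and the customer values are constructed.

```php
<?php
// Added example: in-memory SQLite database, constructed table and values.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE Customers (CustomerName TEXT, Address TEXT, City TEXT)');

// Hypothetical helper: $addrPlaceholder is the name bound on "line 3" of the
// tutorial snippet, so the same code can be run with ':val' and with ':add'.
function insertCustomer(PDO $dbh, string $addrPlaceholder,
                        string $txtNam, string $txtAdd, string $txtCit): string
{
    try {
        $stmt = $dbh->prepare(
            'INSERT INTO Customers (CustomerName,Address,City) VALUES (:nam, :add, :cit)'
        );
        $stmt->bindParam(':nam', $txtNam);
        $stmt->bindParam($addrPlaceholder, $txtAdd); // must match a name in the SQL
        $stmt->bindParam(':cit', $txtCit);
        $stmt->execute();
        return 'inserted';
    } catch (PDOException $e) {
        // A bound name that does not occur in the statement ends up here.
        return 'rejected: ' . $e->getMessage();
    }
}

// As quoted in the post: ':val' is bound, but the statement only defines ':add'.
echo insertCustomer($dbh, ':val', "O'Brien", '1 Example Street', 'Exampleville'), "\n";

// Corrected: every bound name matches a placeholder in the prepared statement.
echo insertCustomer($dbh, ':add', "O'Brien", '1 Example Street', 'Exampleville'), "\n";

// Only the corrected call stored a row, and the apostrophe in the name was
// kept as data rather than being interpreted as part of the SQL text.
echo $dbh->query('SELECT COUNT(*) FROM Customers')->fetchColumn(), "\n";
echo $dbh->query('SELECT CustomerName FROM Customers')->fetchColumn(), "\n";
```

The exact error text depends on the PDO driver in use, so the example prints the exception message rather than relying on a fixed code.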