Search the Community
Showing results for tags 'prepared statements'.
BACKGROUND: I have created a search box for users to query the Grammar Captive database with Natural Language functionality. As the query string results in a single variable that is read into an AGAINST statement (see below), I am concerned about the overall safety of my database and web application. QUESTION ONE: Is it possible to write a prepared statement with the value of an AGAINST clause as an unknown? If not, what must one do in order to prevent against SQL injection? WHAT I HAVE CREATED SELECT letter_no, letter_title, letter_abstract, submission_date, revision_date,
Hi all, I've been working out my learning issues slowly and was able to figure out the process to communicate from HTML form to PDO to MariaDB fine. I decided to try to work with Prepared Statements via PDO into my MariaDB and am having some probs I can't get through. I'm trying to simplify things as much as possible so I can work it out, but don't think I've got it. Can anyone help point out a better approach to using prepared statements for a simple form with a few q's. I've scaled down my practice files to ease of use. I'm using my own Apache test server locally, w