3 Replies - 995 Views - Last Post: 26 September 2013 - 04:25 PM

#1 mutago234

mysqli prepared statement

Posted 26 September 2013 - 02:29 PM

I tried sanitizing the variable id before passing it to the database using mysql functions, and it works with the function get:

public function get($idok)
{
    $id = mysql_real_escape_string($idok);

    $sql = "SELECT `data` FROM `{$this->dbName}`.`{$this->dbTable}` " .
           "WHERE `id` = ?";
    if ($stmt = $this->db->prepare($sql))
    {
        if ($stmt->bind_param('s', $id))
        {
            // ...
        }
    }
}


When I tried it with the set function, it returns an error:


public function set($idok)
{
    $id = mysql_real_escape_string($idok);
    // ...
}


Replies To: mysqli prepared statement

#2 andrewsw

Re: mysqli prepared statement

Posted 26 September 2013 - 02:36 PM

There are a number of things missing from your topic:

  • A relevant title - are you talking about the mysql or mysqli extension?
  • An introduction to your topic/question
  • A description
  • A question

If you get an error then also post the error message.

#3 Atli

Re: mysqli prepared statement

Posted 26 September 2013 - 04:15 PM

I've pointed this out before, in some of your other threads:

If you are not using the deprecated MySQL API extension, you should not be using the mysql_* functions!
That includes ALL of them; anything starting with mysql_ should not be used.

Both MySQLi and PDO have no need for functions like mysql_real_escape_string anyway, seeing as both support prepared statements. The MySQLi extension has an escape function, similar to that one, but it's more or less just there for historical reasons. Escaping input is pointless when using prepared statements.
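An added example, not code from this thread: reply #3's point that escaping is pointless with prepared statements, shown with PDO and an in-memory SQLite database so it runs without a MySQL server. The Store class, the store table and the sample ids are assumptions made for illustration, and addslashes stands in for mysql_real_escape_string.

```php
<?php
// Added example, not the poster's class. PDO with in-memory SQLite stands in
// for the MySQL database; Store and the `store` table are hypothetical names.
final class Store
{
    private PDO $db;

    public function __construct()
    {
        $this->db = new PDO('sqlite::memory:');
        $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->db->exec('CREATE TABLE store (id TEXT PRIMARY KEY, data TEXT)');
    }

    // The id goes to the driver as a bound value; it is never spliced into the SQL text.
    public function set(string $id, string $data): void
    {
        $stmt = $this->db->prepare('INSERT OR REPLACE INTO store (id, data) VALUES (?, ?)');
        $stmt->execute([$id, $data]);
    }

    public function get(string $id): ?string
    {
        $stmt = $this->db->prepare('SELECT data FROM store WHERE id = ?');
        $stmt->execute([$id]);
        $data = $stmt->fetchColumn();
        return $data === false ? null : $data;
    }

    public function ids(): array
    {
        return $this->db->query('SELECT id FROM store ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
    }
}

$store = new Store();
$id = "O'Brien";                       // constructed sample id containing a quote

$store->set($id, 'bound as-is');       // no escaping: the quote is just data
var_dump($store->get($id));

// Escaping first (addslashes stands in for mysql_real_escape_string) changes the
// value that gets bound, so a second, different row is created under O\'Brien.
$store->set(addslashes($id), 'escaped, then bound');
var_dump($store->ids());

// A value shaped like SQL is compared as a literal string and matches nothing.
var_dump($store->get("x' OR '1'='1"));
```

With mysqli the same applies to values passed through bind_param: they reach the server as data, so any escaping applied beforehand ends up stored as part of the value.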

#4 mutago234

Re: mysqli prepared statement

Posted 26 September 2013 - 04:25 PM

ok thanks