Saturday, June 22, 2013

INSERT Statement with PDO and PHP syntax, made easy!


        PHP Data Objects (PDO) 
In this 
post, we will implement prepared statement for insert and update data. I
 will show simple example.

 
 
<?php
// configuration
$dbtype  = "sqlite";
$dbhost  = "localhost";
$dbname  = "test";
$dbuser  = "root";
$dbpass  = "admin";

// database connection
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);

// new data
$title = 'PHP Security';
$author = 'Jack Hijack';

// query
$sql = "INSERT INTO books (title,author) VALUES (:title,:author)";
$q = $conn->prepare($sql);
$q->execute(array(':author'=>$author,
                  ':title'=>$title));


?>
 
It's that easy and this query will protect your MySQL database from malicious injections.
PDO's Select syntax is simple and very powerful

No comments:

Post a Comment