PHP Data Objects (PDO)
In this
post, we will implement prepared statement for insert and update data. I
will show simple example.
<?php
// configuration
$dbtype = "sqlite";
$dbhost = "localhost";
$dbname = "test";
$dbuser = "root";
$dbpass = "admin";
// database connection
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
// new data
$title = 'PHP Security';
$author = 'Jack Hijack';
// query
$sql = "INSERT INTO books (title,author) VALUES (:title,:author)";
$q = $conn->prepare($sql);
$q->execute(array(':author'=>$author,
':title'=>$title));
?>
It's that easy and this query will protect your MySQL database from malicious injections.
PDO's Select syntax is simple and very powerful