[Chugalug] Newbie question

Randy Yates lpcustom at gmail.com
Sat Aug 17 15:58:17 UTC 2013


If you are seeing code, it could be from the multiple includes of the same
file in your code.


On Sat, Aug 17, 2013 at 11:50 AM, Randy Yates <lpcustom at gmail.com> wrote:

> Tyler, here is a slightly better version of your pastebin code. I haven't
> tested it to see how it looks, so I may have a mistake here and there.
> However, notice the use of PDO. Check out the :year, :make, :model, etc in
> the SQL statement. Then when the $pdo->execute() is executed an array is
> passed as an argument to tell PDO how to bind the values.
>
> http://pastebin.com/W5tas7J9
>
>
> On Sat, Aug 17, 2013 at 11:29 AM, Randy Yates <lpcustom at gmail.com> wrote:
>
>> When I said that, I was just trying to find the quick fix for his
>> problem. I later warned him that he would have SQL injection issues with a
>> statement like that. I just didn't want anyone to get the idea that I wrote
>> that SQL statement. I was merely pointing out that he was missing the
>> keyword "VALUES" in his pastebin code.
>>
>>
>> On Sat, Aug 17, 2013 at 11:24 AM, Dan Lyke <danlyke at flutterby.com> wrote:
>>
>>> On Fri, 16 Aug 2013 20:18:04 -0400
>>> Randy Yates <lpcustom at gmail.com> wrote:
>>> > Tyler, your SQL statement may be failing. Have you tried that
>>> > statement manually in mysql? You may need to add VALUES like so:
>>> >
>>> >    1. INSERT INTO sedan ( year, make, model, color, price)
>>> >    values('{$_POST['year']}','{$_POST['make']}', '{$_POST['model']}',
>>> >    '{$_POST['color']}', '{$_POST['price']}')";
>>>
>>> I know nothing about PDO, and am not generally a fan of ORMs, but never
>>> ever ever do this.
>>>
>>> Use bound variables, or make sure that values put into SQL statements
>>> get properly quoted.
>>>
>>> Here's why: http://xkcd.com/327/
>>>
>>> Dan
>>> _______________________________________________
>>> Chugalug mailing list
>>> Chugalug at chugalug.org
>>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>>
>>
>>
>>
>> --
>> Google reads my email!
>>
>
>
>
> --
> Google reads my email!
>



-- 
Google reads my email!
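
The difference discussed in this thread, as an added example that is not the pastebin code or anything posted by the participants. It assumes an in-memory SQLite database in place of the poster's MySQL server, takes the sedan table and its columns from the quoted INSERT, and uses a constructed $post array in place of $_POST.

```php
<?php
// Added example. Assumptions: SQLite in memory stands in for MySQL;
// $post is constructed sample input standing in for $_POST.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sedan (year TEXT, make TEXT, model TEXT, color TEXT, price TEXT)');

// Constructed form input: an ordinary apostrophe is enough to show the problem.
$post = [
    'year'  => '2013',
    'make'  => 'Ford',
    'model' => 'Fusion',
    'color' => "Driver's Blue",
    'price' => '21900',
];

// 1) Interpolated statement, built the way the quoted INSERT builds it.
//    The apostrophe in `color` closes the string literal early, so the
//    rest of the value is parsed as SQL and the statement is rejected.
$unsafe = "INSERT INTO sedan (year, make, model, color, price)
           VALUES ('{$post['year']}', '{$post['make']}', '{$post['model']}',
                   '{$post['color']}', '{$post['price']}')";
try {
    $pdo->exec($unsafe);
    echo "interpolated: inserted\n";
} catch (PDOException $e) {
    echo "interpolated: failed: " . $e->getMessage() . "\n";
}

// 2) Prepared statement with named placeholders. The SQL text is fixed;
//    the array passed to execute() binds each value as data.
$stmt = $pdo->prepare(
    'INSERT INTO sedan (year, make, model, color, price)
     VALUES (:year, :make, :model, :color, :price)'
);
$stmt->execute([
    ':year'  => $post['year'],
    ':make'  => $post['make'],
    ':model' => $post['model'],
    ':color' => $post['color'],
    ':price' => $post['price'],
]);

// The value comes back exactly as submitted, apostrophe included.
$row = $pdo->query('SELECT color FROM sedan')->fetch(PDO::FETCH_ASSOC);
echo "prepared: stored color = " . $row['color'] . "\n";
```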