I have a mysqli script which works perfectly except when I try to force an exception by using a test attacking parameter. I can't get an exception thrown even though I also don't get any output. The docs say the prepared statement must be a single statement, and of course this is not. But why don't I get an exception here?

...
$param = "red;DELETE FROM wines";
try {
  if ( ! $query = $demo -> prepare( 'SELECT name FROM wines WHERE color = ?' ) )
    throw new Exception ( "can't select from wines: " . $demo -> error );
  // bind/execute failures are reported on the statement object
  if ( ! $query -> bind_param( 's', $param ) )
    throw new Exception ( "can't bind parameter: " . $query -> error );
  if ( ! $query -> execute() )
    throw new Exception ( "can't execute query: " . $query -> error );
...

--
=================
Michael Southwell
Vice President, Education
NYPHP TRAINING:  http://nyphp.com/Training/Indepth
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
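
Added example, not part of the original post: what a bound parameter does with the test value above. It assumes PDO with an in-memory SQLite database in place of the mysqli connection so it runs without a server; the table rows and the helper names winesByColor and wineCount are constructed for illustration.

```php
<?php
// Added example. PDO with in-memory SQLite stands in for the mysqli
// connection ($demo) in the post; table contents are constructed sample data.

function winesByColor(PDO $db, string $color): array
{
    // The SQL text is fixed when the statement is prepared. The placeholder
    // is later filled with a value, which is never parsed as SQL.
    $stmt = $db->prepare('SELECT name FROM wines WHERE color = ?');
    $stmt->execute([$color]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function wineCount(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM wines')->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wines (name TEXT, color TEXT)');
$insert = $db->prepare('INSERT INTO wines (name, color) VALUES (?, ?)');
foreach ([['Merlot', 'red'], ['Chianti', 'red'], ['Riesling', 'white']] as $row) {
    $insert->execute($row);
}

$param = 'red;DELETE FROM wines';   // the test parameter from the post

try {
    // Ordinary value: matching rows come back.
    echo "red: ", implode(', ', winesByColor($db, 'red')), "\n";

    // Test parameter: compared as one literal string. No row has that
    // color, so the result is empty; nothing fails and nothing is deleted.
    $names = winesByColor($db, $param);
    printf("test parameter: %d rows, table still holds %d wines\n",
           count($names), wineCount($db));

    // Store a row whose color is exactly that string: the same prepared
    // query now returns it, showing the parameter was treated as data.
    $insert->execute(['Mislabeled', $param]);
    echo "after insert: ", implode(', ', winesByColor($db, $param)), "\n";
} catch (PDOException $e) {
    // Reached only on a real database error, not on an empty result.
    echo "database error: ", $e->getMessage(), "\n";
}
```

An empty result set is a successful execution, so any check for hostile input has to look at the returned rows or validate the value before the query; the error path never fires.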
