Flavio daCosta wrote:

> This is a perfect example of why prepared statements are so much better
> for SQL injection avoidance than straight SQL calls.

Exactly why I'm working on understanding the mechanism behind it, so I can explain it rather than just demonstrating it.

One last question: when affected_rows returns -1 (according to the docs) it "indicates that the query returned an error." My example demonstrates this by throwing an exception here:

    if ( $demo -> affected_rows == -1 ) throw new Exception ( "error trying to find wines with name “" . $param . '”' );

Where is the error that the query returned?  It's not in $demo -> error.

> Hopefully helpful and not confusing ;-)

Very much so; many thanks.

--
=================
Michael Southwell
Vice President, Education
NYPHP TRAINING:  http://nyphp.com/Training/Indepth