开发者

PHP Check string in WHERE clause with prepared statements

问答 作者:

I'm trying to insert a timestamp for a user with prepared statements. However, idHash is a string and it never inserts the string in the correct row. When idHash is empty in the table, these rows are affected. How can I tell PHP that I want this to be treated as a st开发者_开发问答ring??

function setLastRefresh($idHash)
{
    global $dbUser;
    global $dbPass;

    // check if the user is in any of the other tables or if sb is trying to hack the db

    $db = new PDO('mysql:host=localhost;dbname=myDB', $dbUser, $dbPass);
    $preparedStatement = $db->prepare("update users set lastRefresh = NOW() WHERE idHash=:idHash");
    $preparedStatement->execute(array(':idHash' => $idHash));
    $preparedStatement->closeCursor();
    return 0;
}

You can specify the data type when you bind the parameter. You want to use the PDO::PARAM_STR type.

See http://www.php.net/manual/en/pdostatement.bindparam.php for an example. You'll have to change how you're specifying parameters and executing a little bit.

继续阅读:pdophpprepared-statement

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9