Parameterized Queries

HoboTraveler

7:00 am on Oct 6, 2006 (gmt 0)

10+ Year Member



Hi All,

I've been reading that magic quotes, addslashes and everything else related to escaping slashes are not the best to create secure queries.

There is an example on this page that shows a parameterized query or bound parameter. However, the demo is for Java.

Could someone please point me to how to create such a query using PHP4/MySQL?

[unixwiz.net...]

I suppose the bound statements could be used for INSERT, SELECT, UPDATE etc.

TIA

barns101

10:05 am on Oct 6, 2006 (gmt 0)

10+ Year Member



This is not my area of expertise but as far as I am aware, you need to add slashes and also use mysql_real_escape_string [php.net].

eelixduppy2

10:49 am on Oct 6, 2006 (gmt 0)

10+ Year Member



Here's the documentation on Database Security [us2.php.net]

coopster

7:43 pm on Oct 9, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



MySQL bound statements, or prepared statements, are addressed in PHP5 with the MySQL Improved Extension [php.net]. Prior to that you'll have to write your own class or perhaps you can locate one at PEAR or phpclasses.
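As an added illustration of the mysqli route coopster describes (this is example code written for this thread, not something posted by any participant), the block below shows the same SELECT and INSERT done once by string concatenation and once as prepared statements with bound parameters. It needs PHP 5 with the mysqli extension; the host, credentials, database name, the `users` table and its columns are all assumed for illustration.

```php
<?php
// Added example: parameterized queries with the MySQL Improved Extension (mysqli).
// Connection details, the `users` table and its columns are assumed for illustration.

$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
if ($db->connect_errno) {
    die('Connection failed: ' . $db->connect_error);
}
// Tell the server which charset the client sends; escaping and binding both rely on it.
$db->set_charset('utf8');

// Untrusted input, e.g. from a login form. The value contains a quote on purpose
// so the difference between concatenation and binding is visible.
$username = "o'brien";

// UNSAFE (shown only, never executed here): interpolating input into the SQL text.
// The quote breaks the statement, and crafted input could change its meaning.
$unsafe = "SELECT id, email FROM users WHERE username = '$username'";

// SAFE: the SQL text is sent to the server first with a '?' placeholder; the value
// travels separately and is never parsed as part of the statement.
$stmt = $db->prepare('SELECT id, email FROM users WHERE username = ?');
if ($stmt === false) {
    die('Prepare failed: ' . $db->error);
}
$stmt->bind_param('s', $username);   // 's' = string, 'i' = integer, 'd' = double, 'b' = blob
$stmt->execute();
$stmt->bind_result($id, $email);
while ($stmt->fetch()) {
    echo "user $id: $email\n";
}
$stmt->close();

// The same mechanism covers INSERT/UPDATE/DELETE, as the original question asks.
$email = 'obrien@example.invalid';
$stmt = $db->prepare('INSERT INTO users (username, email) VALUES (?, ?)');
if ($stmt === false) {
    die('Prepare failed: ' . $db->error);
}
$stmt->bind_param('ss', $username, $email);
$stmt->execute();
echo 'inserted id ' . $stmt->insert_id . "\n";
$stmt->close();

// Caveat: placeholders bind values only. Table and column names cannot be bound,
// so if they must vary, check them against a fixed list before building the SQL.
$allowed = array('username', 'email');
$column = 'email';               // pretend this came from a sort/filter parameter
if (!in_array($column, $allowed, true)) {
    die('invalid column');
}
$lookup = 42;
$stmt = $db->prepare("SELECT $column FROM users WHERE id = ?");
if ($stmt === false) {
    die('Prepare failed: ' . $db->error);
}
$stmt->bind_param('i', $lookup);
$stmt->execute();
$stmt->bind_result($value);
if ($stmt->fetch()) {
    echo "$column for user $lookup: $value\n";
}
$stmt->close();
$db->close();
```

The type string passed to `bind_param` matters: binding an id as `'i'` means a value like `1 OR 1=1` is coerced to the integer 1 rather than reaching the parser as SQL. Because the statement text is fixed at `prepare` time, no amount of quoting in `$username` can alter it, which is what makes this safer than escaping alone.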