Hi everyone, I am now switching to PDO in PHP and wanted your opinion on whether the method I am programming is safe and whether I am using PDO the right way, because I saw several ways of programming it on the internet.
Example code of how I'm doing it:
<?php
// Category lookup; the query text is fixed, nothing is inserted into it.
$result_cat = $conexao->query("SELECT * FROM categorias WHERE menu='home' AND activo=1");
$row_cat = $result_cat->fetch(PDO::FETCH_OBJ);
// Cover lookup; the id read from the previous row is concatenated into the SQL string.
$result_capa = $conexao->query("SELECT * FROM categorias_anexos WHERE id_mae='".$row_cat->id."' AND seccao='capa'");
$row_capa = $result_capa->fetch(PDO::FETCH_OBJ);
?>
Connection with the database
$host = "localhost";
$bd = "sabeonde_sabeonde";
$user = "[USUARIO]";
$pass = "[SENHA]";
try {
    // Username and password are passed directly; no need to wrap them in empty strings.
    $conexao = new PDO('mysql:host='.$host.';dbname='.$bd.';charset=utf8', $user, $pass);
    // Make PDO throw exceptions instead of failing silently.
    $conexao->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    // Note: this prints the driver's error text (host, database name) straight to the page.
    echo 'Error : <br>' . $e->getMessage();
}
Testing
$result_capa = $conexao->prepare("SELECT * FROM categorias_anexos WHERE id_mae = :row_cat AND seccao='capa'");
// bindParam is a method of the statement; the original called it as a bare function and overwrote $result_capa.
$result_capa->bindParam(":row_cat", $row_cat->id, PDO::PARAM_INT);
$result_capa->execute();
$row_capa = $result_capa->fetch(PDO::FETCH_OBJ);
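The question's two queries rewritten as prepared statements, plus the "list with while" case asked for in the comments, as an added example (not the asker's code). It assumes the table and column names from the question, adds a constructed schema and sample rows in an in-memory SQLite database so it runs offline, and assumes a column `ficheiro` for the attachment file name; on the real site the DSN would be the MySQL one from the question.

```php
<?php
// Added example, not from the question. Constructed SQLite setup so it runs stand-alone.
$conexao = new PDO('sqlite::memory:');
$conexao->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also consider: $conexao->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
// so the server itself separates the SQL from the bound values.

// Constructed schema and data, assumed to mirror the question's tables ('ficheiro' is assumed).
$conexao->exec("CREATE TABLE categorias (id INTEGER PRIMARY KEY, nome TEXT, menu TEXT, activo INTEGER)");
$conexao->exec("CREATE TABLE categorias_anexos (id INTEGER PRIMARY KEY, id_mae INTEGER, seccao TEXT, ficheiro TEXT)");
$conexao->exec("INSERT INTO categorias VALUES (1,'Inicio','home',1),(2,'Sobre','about',1)");
$conexao->exec("INSERT INTO categorias_anexos VALUES (1,1,'capa','capa1.jpg'),(2,1,'galeria','g1.jpg'),(3,1,'galeria','g2.jpg')");

// 1) Category lookup. The SQL text contains only placeholders; values travel separately.
$stmt_cat = $conexao->prepare("SELECT * FROM categorias WHERE menu = :menu AND activo = 1");
$stmt_cat->bindValue(':menu', 'home', PDO::PARAM_STR);
$stmt_cat->execute();
$row_cat = $stmt_cat->fetch(PDO::FETCH_OBJ);

// 2) Cover lookup. The id is bound as an integer instead of being concatenated into the query.
$stmt_capa = $conexao->prepare("SELECT * FROM categorias_anexos WHERE id_mae = :id_mae AND seccao = 'capa'");
$stmt_capa->bindValue(':id_mae', (int) $row_cat->id, PDO::PARAM_INT);
$stmt_capa->execute();
$row_capa = $stmt_capa->fetch(PDO::FETCH_OBJ);
echo "Capa: {$row_capa->ficheiro}\n";

// 3) Listing with while: prepare once, pass the values to execute(), fetch row by row.
$stmt_lista = $conexao->prepare("SELECT * FROM categorias_anexos WHERE id_mae = :id_mae AND seccao = :seccao");
$stmt_lista->execute([':id_mae' => (int) $row_cat->id, ':seccao' => 'galeria']);
while ($row = $stmt_lista->fetch(PDO::FETCH_OBJ)) {
    echo "Anexo {$row->id}: {$row->ficheiro}\n";
}

// The same prepared statement can be executed again with other values, without rebuilding SQL.
$stmt_lista->execute([':id_mae' => 2, ':seccao' => 'galeria']);
echo "Anexos da categoria 2: " . count($stmt_lista->fetchAll(PDO::FETCH_OBJ)) . "\n";
```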
I will leave it to someone else to post a more complete answer, but I believe the correct method is to use prepared statements -> http://php.net/manual/en/pdo.prepared-statements.php
– wryel
Related: How to prevent SQL code injection into my PHP code
– rray
Is the way I'm doing it vulnerable to SQL injection?
– César Sousa
Can you give me an example of prepare for listing content using while?
– César Sousa
I'm here trying to do it, but I'm not getting it.
– César Sousa
The way you are programming, yes, SQL injection attacks are still possible. PDO does not format your query automatically; you need to use prepared statements. See a nice article here
– Oeslei
I've read it and did a test, which I posted above, but it doesn't work. What might be wrong?
– César Sousa
I think you wanted to ask your question about how to connect. '_'
– Lollipop
Off-topic: I recently searched for a framework for PDO and found this: https://github.com/usmanhalalit/pixie Much faster than writing everything by hand!
– Celso Marigo Jr