a more efficient way to make the Insert bind and update large

Question

a more efficient way to make the Insert bind and update large

Asked 8 years, 1 month ago

Viewed 110 times

2

public function update($table, $data, $where,$criterios)
{

    $set = "";
    foreach ($data as $keyname => $value) {
        $set .= ($set == "") ? "" : ", ";
        $set .= $keyname . " = "  . ":".$keyname ;
    }

    $sql = "UPDATE $table SET $set WHERE $where";
    $stmt = $this->db->prepare($sql);

    foreach ($data as $placeholder => $valor) {
        $stmt->bindValue(":".$placeholder, $valor);
    }
    foreach ($criterios as $criterio => $valor) {
        $stmt->bindValue(":".$criterio, $valor);
    }
    return $stmt->execute();
}

update("tabelanome",$_POST,"WHERE :id=id",array("id"=>1));

there is something that can be done to make the code not vulnerable?

The execute() is a good option, here there’s another.

– rray

2016/05/12 at 01:46

1 answer

Browser other questions tagged php pdo

You are not signed in. Login or sign up in order to post.

by Rafael Almeida • **2,585** points · Answer 1 · 2016-05-12T01:20:28+00:00

As a parameter of execute(), you can enter an array with the key/value relation of the Binding parameters. This way, it is only popular the array and pass as method parameter. Example:

$bindingArray = array(
    ':bind1' => 'value1', 
    ':bind2' => 'value2'
);

$stmt->execute($bindingArray);