A more efficient way to bind large INSERT and UPDATE statements


2

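public function update($table, $data, $where, $criterios)
{
    // Build the SET clause: one "column = :column" pair per key in $data.
    // The keys are concatenated into the SQL as-is; only the values are bound.
    $set = "";
    foreach ($data as $keyname => $value) {
        $set .= ($set == "") ? "" : ", ";
        $set .= $keyname . " = " . ":" . $keyname;
    }

    $sql = "UPDATE $table SET $set WHERE $where";
    $stmt = $this->db->prepare($sql);

    // Bind the values for the SET clause.
    foreach ($data as $placeholder => $valor) {
        $stmt->bindValue(":" . $placeholder, $valor);
    }
    // Bind the values for the WHERE criteria.
    foreach ($criterios as $criterio => $valor) {
        $stmt->bindValue(":" . $criterio, $valor);
    }
    return $stmt->execute();
}

// $where must not repeat the WHERE keyword; update() already adds it.
update("tabelanome", $_POST, "id = :id", array("id" => 1));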

Is there something that can be done to make the code not vulnerable?

  • execute() is a good option; here is another.

1 answer

1

As a parameter of execute(), you can pass an array with the key/value pairs of the binding parameters. This way, you only need to populate the array and pass it as the method parameter. Example:

$bindingArray = array(
    ':bind1' => 'value1', 
    ':bind2' => 'value2'
);

$stmt->execute($bindingArray);
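
Binding protects values only: in the question's function the table and column names are still concatenated into the SQL, and with $_POST as $data the column names come from the request. The following is an added example, not code from the question or the answer, that checks identifiers against an allow-list and passes all values to execute() as one array; safeUpdate, $allowed and the users table are assumptions made for illustration.

```php
<?php
// Added example (not from the original post): update() with allow-listed identifiers.
// $allowed (table => permitted columns) and the table/column names are hypothetical.
function safeUpdate(PDO $db, array $allowed, string $table, array $data, array $criteria): int
{
    if (!isset($allowed[$table])) {
        throw new InvalidArgumentException("Table not allowed: $table");
    }
    $set = $where = $params = [];
    foreach ($data as $column => $value) {
        // Drop any key that is not a known column (e.g. extra $_POST fields).
        if (!in_array($column, $allowed[$table], true)) {
            continue;
        }
        $set[] = "$column = :set_$column";
        $params[":set_$column"] = $value;
    }
    foreach ($criteria as $column => $value) {
        if (!in_array($column, $allowed[$table], true)) {
            throw new InvalidArgumentException("Column not allowed in WHERE: $column");
        }
        // Separate prefix so a column can appear in both SET and WHERE.
        $where[] = "$column = :where_$column";
        $params[":where_$column"] = $value;
    }
    if (!$set || !$where) {
        throw new InvalidArgumentException('Nothing to update or missing criteria');
    }
    $sql = "UPDATE $table SET " . implode(', ', $set) . ' WHERE ' . implode(' AND ', $where);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);   // all values bound in one call
    return $stmt->rowCount();
}

// Constructed demo data, in-memory SQLite so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, is_admin INTEGER DEFAULT 0)");
$db->exec("INSERT INTO users (id, name, email) VALUES (1, 'old', 'old@example.test')");

$allowed = ['users' => ['id', 'name', 'email']];   // is_admin is deliberately not updatable
// Stand-in for $_POST, including keys the form never defined.
$post = ['name' => 'new', 'is_admin' => 1, 'unexpected key' => 'x'];

$changed = safeUpdate($db, $allowed, 'users', $post, ['id' => 1]);
$row = $db->query('SELECT name, is_admin FROM users WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
var_dump($changed, $row);
```

Keys outside the allow-list never reach the SQL string, so the is_admin column keeps its stored value even though the request supplied it.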
