Subject | Re: [firebird-php] Re: PDO extension |
---|---|
Author | Lester Caine |
Post date | 2011-05-31T17:25:19Z |
fuentelucas wrote:
> Thanks Lester for your reply.
>
> I'd be happy just to use the php_interbase, which is installed, but I'm not able to insert data into a table from an HTML form with PHP5. The following code, which is a slight variation from code that works with sqlite3, doesn't work, no matter how I tinker with it.
> ----------------------------------------------------------
> <?php
> // Fill in the values entered in the HTML fields
> $club_code = $_POST['club_code'];
> $club_name = $_POST['club_name'];
> $address_1 = $_POST['address_1'];
> $address_2 = $_POST['address_2'];
> $address_3 = $_POST['address_3'];
> $address_4 = $_POST['address_4'];
> $post_code = $_POST['post_code'];
>
> // Insert some data into table CLUB
> if (isset($club_code)&& isset($club_name) == true) {
> try {
>
> // Create a prepared statement
>
> $stmt = $dbh->ibase_prepare('INSERT INTO club (CLUB_CODE, CLUB_NAME, ADDRESS_1, ADDRESS_2, ADDRESS_3, ADDRESS_4, POST_CODE)
> VALUES (:CLUB_CODE, :CLUB_NAME,
> :ADDRESS_1, :ADDRESS_2, :ADDRESS_3, :ADDRESS_4, :POST_CODE)');
> $stmt->bindparam(':CLUB_CODE', $club_code);
> $stmt->bindParam(':CLUB_NAME', $club_name);
> $stmt->bindParam(':ADDRESS_1', $address_1);
> $stmt->bindParam(':ADDRESS_2', $address_2);
> $stmt->bindParam(':ADDRESS_3', $address_3);
> $stmt->bindParam(':ADDRESS_4', $address_4);
> $stmt->bindParam(':POST_CODE', $post_code);
>
> $stmt->ibase_execute() or die(ibase_errmsg());
> $stmt->ibase_commit() or die(ibase_errmsg());
> }
> catch (Exception $e)
> {
> die ($e);
> }
> }
> else
> echo "Not ready!";
> ?>
> ----------------------------------------------------------
> Any pointers, clues or suggestions would be appreciated.

Simplify things ... you are not going to use the query again, so don't bother
with 'binding' parameters - it only helps if you are reusing things for say a
bulk load.
// $dbh is assumed to be the connection resource returned by ibase_connect()
$stmt = ibase_query($dbh, "INSERT INTO club (CLUB_CODE, CLUB_NAME, ADDRESS_1,
ADDRESS_2, ADDRESS_3, ADDRESS_4, POST_CODE)
VALUES ('$club_code', '$club_name',
'$address_1', '$address_2', '$address_3', '$address_4', '$post_code')");
ibase_commit($dbh);
But I started using ADOdb years ago, and there I would use '?' for the values
and an array of values, so that any escaping is taken care of automatically.
( single quotes in name or address fields ;) )
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php
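
The contrast described in the reply above, between values interpolated into the SQL string and '?' placeholders fed from an array, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database standing in for Firebird so that it runs without a server; the function names and form values are constructed for illustration.

```php
<?php
// Added example, not from the original thread. SQLite in memory stands in for
// Firebird (assumption) so the script runs without a database server.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE club (CLUB_CODE TEXT, CLUB_NAME TEXT, ADDRESS_1 TEXT,
    ADDRESS_2 TEXT, ADDRESS_3 TEXT, ADDRESS_4 TEXT, POST_CODE TEXT)');

// Constructed sample form data; note the single quotes in name and address.
$form = [
    'club_code' => 'SM01',
    'club_name' => "St Mary's Model Engineers",
    'address_1' => "1 King's Road",
    'address_2' => '', 'address_3' => '', 'address_4' => '',
    'post_code' => 'AB1 2CD',
];

// Interpolated version: a quote in the data ends the SQL string literal early,
// so the data is parsed as part of the statement.
function insertInterpolated(PDO $dbh, array $f): bool
{
    try {
        $dbh->exec("INSERT INTO club (CLUB_CODE, CLUB_NAME, ADDRESS_1, ADDRESS_2,
            ADDRESS_3, ADDRESS_4, POST_CODE) VALUES ('{$f['club_code']}',
            '{$f['club_name']}', '{$f['address_1']}', '{$f['address_2']}',
            '{$f['address_3']}', '{$f['address_4']}', '{$f['post_code']}')");
        return true;
    } catch (PDOException $e) {
        return false; // the database rejected the malformed statement
    }
}

// Placeholder version: the SQL text is fixed and the values travel separately
// as an array, in the same order as the column list.
function insertWithPlaceholders(PDO $dbh, array $f): bool
{
    $stmt = $dbh->prepare('INSERT INTO club (CLUB_CODE, CLUB_NAME, ADDRESS_1,
        ADDRESS_2, ADDRESS_3, ADDRESS_4, POST_CODE) VALUES (?, ?, ?, ?, ?, ?, ?)');
    return $stmt->execute(array_values($f));
}

var_dump(insertInterpolated($dbh, $form));
var_dump(insertWithPlaceholders($dbh, $form));
echo $dbh->query('SELECT CLUB_NAME FROM club')->fetchColumn(), "\n";
```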