I am new to PDO and my question is, should I escape the $input

Question

0

Asked: June 8, 20262026-06-08T07:07:24+00:00 2026-06-08T07:07:24+00:00

I am new to PDO and my question is, should I escape the $input

0

I am new to PDO and my question is, should I escape the $input before adding it to the query? How should I implement it at it’s best?

$input= $_POST['time']; //2012-07-21 17:00:00

foreach($db->query('SELECT * FROM events WHERE TIMESTAMPDIFF( HOUR , TIME, $input ) < 2') as $row) {
    echo $row['name'];
}

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-08T07:07:25+00:00

In your case you would wan’t to use PDO::quote() although you should use prepared statements, It’s one of the major reasons why you do the switch to mysqli or PDO.

$db = new PDO('mysql:host=localhost;dbname=db', 'user','pass');

$query = $db->prepare('SELECT * FROM events WHERE TIMESTAMPDIFF( HOUR , TIME, :input ) < 2');
$query->bindValue(":input", $input, PDO::PARAM_INT);
$query->execute();
while($row = $query->fetch(PDO::FETCH_ASSOC))
{

}

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am new to PDO and my question is, should I escape the $input

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply