Home/ Questions/Q 497859
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T05:49:19+00:00

I have an assoc array filled with the values necessary for a PDOstatement. Should

  • 0

I have an assoc array filled with the values necessary for a PDOstatement. Should I, bind each value then call execute? Or call execute passing it the array of values?

Array(
  [name] => Joe
  [value] => some content
)

Should I:

foreach($data as $key => $value){
  $statement->bindValue($key, $value);
}
execute();

OR

execute($data);

As far as I am aware, binding the data does some form of data sanitation similar to mysql_real_escape_string. I am uncertain whether I need to bind the values to achieve that affect or if I can just pass the data array to execute() and assume it has been properly escaped?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It doesn’t matter when you use a prepared statement.

    Please note that your data will not be sanitized nor escaped in any way, it is entered in the database exactly as it is.

    By the way, Kemo is right, but this is the more appropriate link: or use bind or use an array

    • 0