The below prepared statement doesn’t insert into the database. $sid =1; $sid2 = $GET[‘sid2’];

Question

0

Asked: June 7, 20262026-06-07T03:15:52+00:00 2026-06-07T03:15:52+00:00

The below prepared statement doesn’t insert into the database. $sid =1; $sid2 = $GET[‘sid2’];

0

The below prepared statement doesn’t insert into the database.

$sid =1;
$sid2 = $GET['sid2']; //empty
$position = 0;
$name = "John";

$new = $connectdb->prepare("INSERT INTO `table1` VALUES ('',:sid,:sid2,:position,:name)");
                $new->execute(array(':sid'=>$sid,':sid2'=>$sid2,':position'=>$position,':name'=>$name));

When i add quotations to execute array values, then the insert works.

$new->execute(array(':sid'=>"$sid",':sid2'=>"$sid2",':position'=>"$position",':name'=>"$name"));

What i want to know is by adding quotations does this affect PDO’s sanitization?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-07T03:15:54+00:00

Editorial Team

2026-06-07T03:15:54+00:00Added an answer on June 7, 2026 at 3:15 am

The only difference in your case is $sid2 and "$sid2".

If $sid2 is a string, then $sid2 is same with "$sid2", but when $sid2 is null, then thing changed. If $sid2 is null, then "$sid2" will be empty string "".

If your column for sid2 has NOT NULL constraint, then you will failed to insert a null value, but you could insert empty string.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

The below prepared statement doesn’t insert into the database. $sid =1; $sid2 = $GET[‘sid2’];

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply