What is the counterpart of Command.SqlParameters.AddWithValue() of .NET in PHP? I want to avoid SQL injection, I just wonder if PHP already has the same method aside from escaping strings thru mysql_real_escape().
Thanks in advance!
PDO's prepare() method and PDOStatement::bindParam() or PDOStatement::bindValue().

The difference between the two is:

bindParam() binds a reference to a variable. The variable value can change without having to re-bind the parameter. This is particularly useful in loops.

bindValue() simply binds a static value to a parameter.
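The two binding styles from the answer above, side by side, as an added example that is not part of the original answer. It assumes the pdo_sqlite extension is enabled; the users table, its columns and the sample rows are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite database so the script runs offline.
// Table name, column names and sample rows are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulation so the server does the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');

// bindParam(): binds a reference, so the value is read when execute() runs.
// Bind once, then change the variables inside the loop.
$insert = $pdo->prepare('INSERT INTO users (name, role) VALUES (:name, :role)');
$name = null;
$role = null;
$insert->bindParam(':name', $name, PDO::PARAM_STR);
$insert->bindParam(':role', $role, PDO::PARAM_STR);

$rows = [
    ['alice', 'admin'],
    ['bob', 'user'],
    ["x'); DROP TABLE users; --", 'user'], // hostile-looking input, stored as plain text
];
foreach ($rows as $row) {
    $name = $row[0];
    $role = $row[1];
    $insert->execute();
}

// bindValue(): copies the value at bind time, so later changes to $lookup are ignored.
$lookup = "x'); DROP TABLE users; --";
$select = $pdo->prepare('SELECT id, role FROM users WHERE name = :name');
$select->bindValue(':name', $lookup, PDO::PARAM_STR);
$lookup = 'alice'; // has no effect on the bound value
$select->execute();
$hit = $select->fetch(PDO::FETCH_ASSOC);

// The quote characters never reach the SQL parser as syntax; the table is intact.
$count = (int) $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn();
printf("matched id=%d role=%s, total rows=%d\n", $hit['id'], $hit['role'], $count);
```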