cHao

191 reputation

bio	website	127.0.0.1
	location	Richmond, VA
	age	37
visits	member for	2 years, 2 months
	seen	yesterday
stats	profile views	6

OK, i have to rant for a second. Why is it that of the thousands of posts of PHP/MySQL advice on SO, about 99.5% are still using mysql_query -- and about half of those could be the poster child for SQL injection?

It's really not that hard, y'all...

$db = new PDO(...);
$stmt = $db->prepare('
    SELECT some_stuff
    FROM some_table
    WHERE some_field = ?
');
$stmt->execute(array('some value'));

while ($row = $stmt->fetch())
{
     ...
}

I don't want to have to start calling people out on it, but seriously, prepared statements aren't just safer, they're freaking easier. Learn them or quit calling yourself a PHP programmer.

	191 reputation	bio	website	127.0.0.1	visits	member for	2 years, 2 months
4 badges		location	Richmond, VA		seen	yesterday

summary answers questions tags badges favorites bounties reputation activity

2 Answers

votes activity newest

5	Are files in a hidden directory safe?
1	Need to Stop Bots from Killing my Webserver

191 Reputation

+25	Need to Stop Bots from Killing my Webserver
+65	Are files in a hidden directory safe?

0 Questions

votes activity newest

This user has not asked any questions

5 Tags

5 security	1 robots.txt
5 directory	1 htaccess
1 php

31 Accounts

Stack Overflow	34,586 rep	63980
Meta Stack Overflow	1,361 rep	416
Code Review	1,121 rep	39
Programmers	582 rep	39
Super User	534 rep	27

4 Badges

recent class name

Editor	Teacher
Supporter	Autobiographer

0 Active bounties

active offered earned

This user has no active bounties

1 Vote Cast

all time			by type
1	up		0	question
0	down		1	answer

user feed