
Prepared Statements in PDO in PHP

In the previous lesson, we covered the problems associated with SQL injection. PDO has a dedicated mechanism for preventing it: prepared statements. These are SQL queries in which special markers, called placeholders, are written in place of variables.

The values of the variables are then bound to these markers. PDO automatically keeps the query text separate from the values, so the content of a variable is always treated as data and cannot become a command in the query. Injection through those values becomes impossible.

PDO supports two types of placeholders: positional and named. In positional ones, the order of parameters and variables is important, while in named ones it is not. In the next lessons, we will take a detailed look at working with these types of placeholders.
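
Both placeholder types in one runnable script, as an added example that is not part of the original lesson. It assumes the `pdo_sqlite` extension and uses an in-memory database; the `users` table, its rows, the helper `fetchRows()` and the input string are constructed for illustration.

```php
<?php
// Added example: constructed data in an in-memory SQLite database, so it runs offline.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, age INTEGER)');
$pdo->exec("INSERT INTO users (name, age) VALUES ('alice', 30), ('bob', 25)");

// Positional placeholders: values are bound in the order of the ? markers.
$byPosition = $pdo->prepare('SELECT id, name FROM users WHERE name = ? AND age >= ?');

// Named placeholders: values are matched by key, so array order does not matter.
$byName = $pdo->prepare('SELECT id, name FROM users WHERE name = :name AND age >= :age');

// Hypothetical helper: run a prepared statement with its values and return all rows.
function fetchRows(PDOStatement $stmt, array $params): array
{
    $stmt->execute($params);
    return $stmt->fetchAll();
}

// Constructed input that would alter the WHERE clause if it were concatenated
// into the SQL text. Bound as a value, it is only ever compared as a string.
$untrusted = "alice' OR '1'='1";

$cases = [
    'positional, normal value'    => fetchRows($byPosition, ['alice', 18]),
    'named, normal value'         => fetchRows($byName, ['age' => 18, 'name' => 'alice']),
    'positional, untrusted value' => fetchRows($byPosition, [$untrusted, 18]),
    'named, untrusted value'      => fetchRows($byName, ['name' => $untrusted, 'age' => 18]),
];

foreach ($cases as $label => $rows) {
    printf("%-28s %d row(s)\n", $label, count($rows));
}

// The untrusted string can also be stored verbatim; it stays plain data in the column.
$insert = $pdo->prepare('INSERT INTO users (name, age) VALUES (:name, :age)');
$insert->execute(['name' => $untrusted, 'age' => 40]);
$stored = fetchRows($byName, ['name' => $untrusted, 'age' => 0]);
printf("stored name: %s\n", $stored[0]['name']);
```

Placeholders stand in for data values only. Table names, column names and SQL keywords cannot be bound this way and have to be validated separately, for example against a fixed list of allowed names.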
