
odbc_prepare

Prepares a statement for execution (PHP 4, PHP 5)
resource odbc_prepare ( resource connection_id, string query_string )

Examples ( Source code ) » odbc_prepare

A determined attacker will easily jump through whatever string-escaping hoops you can devise. A better way to protect yourself against SQL injection is to bind your parameters, which requires calling odbc_prepare() and odbc_execute():

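<?php
// Take the id from the request; it is bound below, never concatenated into the SQL.
$emp_id = $_GET['emp_id'];
$stmt = odbc_prepare($db_conn, "SELECT pwd FROM employees WHERE emp_id=?");
// odbc_execute() returns TRUE/FALSE; rows are then fetched from $stmt.
$res = odbc_execute($stmt, array($emp_id));
?>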
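
A fuller version of the bound-parameter pattern above, with input validation and return-value checks; this is an added example, not code from the original page or the PHP manual. The DSN, credentials, the `name` column and the `find_employee()` helper are assumptions, and `http_response_code()` needs PHP 5.4 or later.

```php
<?php
// Added example: DSN, credentials, the "name" column and find_employee() are hypothetical.
function find_employee($db_conn, $raw_emp_id)
{
    // Validate before binding. Binding stops SQL injection, but odbc_execute() in
    // these PHP versions is documented to treat a parameter that starts and ends
    // with a single quote as a file name to read, so only digits get through here.
    if (!is_string($raw_emp_id) || !ctype_digit($raw_emp_id) || strlen($raw_emp_id) > 9) {
        throw new InvalidArgumentException('emp_id must be a decimal integer');
    }
    $emp_id = (int) $raw_emp_id;

    // The SQL text is constant; the value is sent separately from it.
    $stmt = odbc_prepare($db_conn, 'SELECT emp_id, name FROM employees WHERE emp_id = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . odbc_errormsg($db_conn));
    }

    // odbc_execute() returns TRUE or FALSE; the result set is read from $stmt.
    if (!odbc_execute($stmt, array($emp_id))) {
        $msg = odbc_errormsg($db_conn);
        odbc_free_result($stmt);
        throw new RuntimeException('execute failed: ' . $msg);
    }
    $row = odbc_fetch_array($stmt);   // FALSE when no row matched
    odbc_free_result($stmt);
    return $row === false ? null : $row;
}

$db_conn = odbc_connect('EXAMPLE_DSN', 'app_user', 'app_password'); // placeholders
if ($db_conn === false) {
    die('connection failed');
}
try {
    $raw = isset($_GET['emp_id']) ? $_GET['emp_id'] : null;
    $row = find_employee($db_conn, $raw);
    echo $row === null ? 'no such employee' : htmlspecialchars($row['name']);
} catch (InvalidArgumentException $e) {
    http_response_code(400);          // malformed id: reject, do not query
    echo 'bad request';
} catch (RuntimeException $e) {
    error_log($e->getMessage());      // keep driver errors out of the response
    http_response_code(500);
}
odbc_close($db_conn);
```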

Code Examples / Notes » odbc_prepare

marek

Use this example for IBM DB/2:
$q = "update TABLE set PASS=? where NAME=?";
$res = odbc_prepare ($con, $q);
$a = "secret"; $b="user";
$exc = odbc_execute($res, array($a, $b));


ron

odbc_exec() returns BOOLEAN if the query doesn't return a result set.
If the query returns a result set, odbc_exec() returns a resource to that result set.


bslorence

Is it just me or is the code above misleading? It makes it look like odbc_execute() returns a resource suitable, say, for passing to one of the odbc_fetch_* functions.
In fact, odbc_execute() returns a boolean, which simply indicates success (TRUE) or failure (FALSE). The variable to pass to odbc_fetch_* is the same one that you pass to odbc_execute():
<?php
$res = odbc_prepare($db_conn, $query_string);
if(!$res) die("could not prepare statement ".$query_string);
if(odbc_execute($res, $parameters)) {
   $row = odbc_fetch_array($res);
} else {
   // handle error
}
?>

