SQL prepared statement for TT
now you can use prepared statements to avoid sql injection for people who still use mysqli instead of PDO.
find and replace the code change following in mysql.class.php PHP Code:
replace the old mysqli procedural to Object Oriented FILE : functions.php PHP Code:
how to use: PHP Code:
default identifier is string,if you like to mention any other identifier like integer. PHP Code:
greetings to people who helped me :friend: |
we eliminated the need for thisEach()....(thanks to m-jay). You can check github for updates if it helps your project along. Thanks for the code. https://github.com/MicrosoulV3/TorrentTrader-v3. Feel free to help out if you want to, over at torrenttrader.uk. New ideas are always good. Hope you have a good day :)
Quote:
|
yeah sure
|
You do know there is a easy of doing this without the above
|
easy how?
|
Explain more please is this so I can start updating to use MYSQLi over MySQL ? little bit confused :P
SQL_Query_exec($GLOBALS["DBconnector"], $query) or mysqli_error(__file__, __line__); |
SQL_Query_exec(QUERY,PARAMETER,IDENTIFIER);
IF YOU DIDN'T MENTION ANY IDENTIFIER, DEFAULT IS STRING. THIS UPDATE IS FOR PEOPLE WHO USE MYSQLI INSTEAD OF PDO. YOU CAN EITHER USE PREPARED STATEMENTS (FOR COMPLETE PROTECTION AGAINST SQL INJECTION) OR NORMAL QUERY |
Quote:
you will be its not true msqli you do not need this part as well (__file__, __line__); |
ummm, mysqli_error does require that like this for precedural, but feel free to change it to OOP. I think thats what the OP was posting about anyways. I have no idea where bambam got that code from
mysqli_error($GLOBALS["DBconnector"]) |
All times are GMT +2. The time now is 12:35. |
Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.