Using bind parameters to secure query.
davykiash
Hello
I have been using the direct value approach in my where clause in the query on the server, which is not secure at all.
->where( 'my_field', $my_value, '=' )
How can I use the parameter approach, something almost similar to this?
->where( 'my_field', ':my_value', '=' )
->bind( 'my_value', $value );
This discussion has been closed.
Answers
I had a similar question here: https://datatables.net/forums/discussion/42001/bind-on-where-paramete It turns out you do not need to bind because it is already done for you. If you had:
then you would have to bind.
This is secure. It will automatically be bound for you as @INTONE says.
Allan
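What "automatically bound" means underneath, shown with plain PDO rather than the Editor library (an added example, not code from this thread or from DataTables; the table, the sample values and the function names are constructed). It runs the same three values through a concatenated query and a bound one so the difference in behaviour is visible:

```php
<?php
// Added illustration using plain PDO with an in-memory SQLite database.
// Table, column values and function names are constructed for this example.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, my_field TEXT)');
$pdo->exec("INSERT INTO items (my_field) VALUES ('alpha'), ('beta'), ('O''Brien')");

// Unsafe: the value becomes part of the SQL text, so quotes in it change the query.
function countConcatenated(PDO $pdo, string $value): int
{
    $sql = "SELECT COUNT(*) FROM items WHERE my_field = '" . $value . "'";
    return (int) $pdo->query($sql)->fetchColumn();
}

// Safe: the SQL text is fixed; the value travels separately as a bound parameter.
function countBound(PDO $pdo, string $value): int
{
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM items WHERE my_field = :my_value');
    $stmt->bindValue(':my_value', $value, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// Constructed inputs: a plain value, a legitimate value containing a quote,
// and a value that rewrites the WHERE clause when concatenated.
$samples = ["alpha", "O'Brien", "x' OR '1'='1"];
foreach ($samples as $value) {
    try {
        $concat = countConcatenated($pdo, $value);
    } catch (PDOException $e) {
        $concat = 'SQL error';
    }
    printf("%-14s concatenated=%-9s bound=%d\n", $value, $concat, countBound($pdo, $value));
}
```

With the bound form, the legitimate value containing a quote matches its row and the third value matches nothing; with concatenation the first breaks the statement and the second matches every row.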