|php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login|
Patch pdo-prepare for Online Doc Editor problem Bug #77348
Patch version 2018-12-27 11:32 UTCReturn to Bug #77348 | Download this patch
Index: prepare.xml =================================================================== --- prepare.xml (revision 346423) +++ prepare.xml (working copy) @@ -17,11 +17,11 @@ <para> Prepares an SQL statement to be executed by the - <function>PDOStatement::execute</function> method. The SQL statement can + <function>PDOStatement::execute</function> method. The statement template can contain zero or more named (:name) or question mark (?) parameter markers for which real values will be substituted when the statement is executed. - You cannot use both named and question mark parameter markers within the same - SQL statement; pick one or the other parameter style. + Both named and question mark parameter markers cannot be used within the same + SQL statement template; only one or the other parameter style. Use these parameters to bind any user-input, do not include the user-input directly in the query. </para> @@ -44,9 +44,9 @@ <function>PDOStatement::execute</function> for statements that will be issued multiple times with different parameter values optimizes the performance of your application by allowing the driver to negotiate - client and/or server side caching of the query plan and meta information, - and helps to prevent SQL injection attacks by eliminating the need to - manually quote the parameters. + client and/or server-side caching of the query plan and meta information. Also, calling <function>PDO::prepare</function> and + <function>PDOStatement::execute</function> helps to prevent SQL injection attacks by eliminating the need to + manually quote and escape the parameters. </para> <para> PDO will emulate prepared statements/bound parameters for drivers that do @@ -76,7 +76,7 @@ returns. You would most commonly use this to set the <literal>PDO::ATTR_CURSOR</literal> value to <literal>PDO::CURSOR_SCROLL</literal> to request a scrollable cursor. - Some drivers have driver specific options that may be set at + Some drivers have driver-specific options that may be set at prepare-time. </para> </listitem>
Copyright © 2001-2019 The PHP Group
All rights reserved.
|Last updated: Mon Aug 19 01:01:26 2019 UTC|