[prog] Placeholders and earlier versions of PHP
Jacinta Richardson
jarich at perltraining.com.au
Tue May 3 09:00:46 EST 2005
Teri Solow wrote:
> Jacinta Richardson imparted (2005-05-02 @ 09:52:36 +1000):
>
>>>2. Use placeholders religiously.
>
>
> I notice that in your examples you use mysqli functions. Mysqli is only
> available in PHP 5, so... is there any way to get similar built-in
> functionality in PHP 4? I'm running Debian stable on my server and it
> was hard enough to get a backport of PHP 4.3- I don't even want to
> imagine how bad it would be to get a backport of PHP 5 :)
Unfortunately not, so far as I am aware. As I said earlier, PHP has only just
started allowing placeholders. I have no idea what took it so long. Perhaps it
was waiting on the new object model?
In your case all you can do is make sure that you very carefully quote your
values before you pass them in. Checking their validity with a regular
expression is a good idea too:
$id = isset($_POST['id']) ? $_POST['id'] : '';
// $id should be a number (digits only). Single quotes keep \d and $ literal,
// and preg_match's return value (1 on match, 0 on no match) is the safe test:
// $matches is empty when nothing matched, so $matches[0] would be undefined.
if ( ! preg_match('/^(\d+)$/', $id, $matches) ) {
    // $id was invalid....
}
It's the whole "never trust anything that came in from the user" approach. It's
very important because curious users, stupid users and malicious users might all
give your programs crappy data which you'd rather not be putting into your db
anyway.
All the best,
Jacinta
--
("`-''-/").___..--''"`-._ | Jacinta Richardson |
`6_ 6 ) `-. ( ).`-.__.`) | Perl Training Australia |
(_Y_.)' ._ ) `._ `. ``-..-' | +61 3 9354 6001 |
_..`--'_..-_/ /--'_.' ,' | contact at perltraining.com.au |
(il),-'' (li),' ((!.-' | www.perltraining.com.au |
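The PHP 4 approach described above (whitelist-validate with a regex, then escape and quote anything that cannot be whitelisted), as an added example that is not code from the original post. It assumes a MySQL table `users` with an integer `id` and a text `name` column, and the connection details are placeholders. `mysql_real_escape_string` exists from PHP 4.3.0 onwards; the whole `mysql_*` extension was removed in PHP 7, so this is specifically the PHP 4.3/5.x style the thread is about.

```php
<?php
// Added example for the PHP 4 case (no placeholders); not from the original post.
// Assumptions: table `users` (int `id`, text `name`); connection details are
// placeholders. mysql_* functions: PHP 4.3 through 5.x only.

// Step 1: validate. An id must be a string of digits and nothing else.
// Same check as the post's regex, using preg_match's return value.
function valid_id($value)
{
    return is_string($value) && preg_match('/^\d+$/', $value) === 1;
}

// Step 2: quote. For values that cannot be whitelisted (free text), escape
// with the connection-aware escaper and wrap the result in single quotes.
// Escaping alone is not enough: "42 OR 1=1" contains nothing to escape, so
// an unquoted, unvalidated id would still be injectable.
function sql_string($value, $link)
{
    return "'" . mysql_real_escape_string($value, $link) . "'";
}

// Build the statement only from already-checked pieces; nothing from
// $_POST is interpolated directly.
function build_update($id, $name, $link)
{
    if (!valid_id($id)) {
        return false;            // caller decides how to report the bad id
    }
    return sprintf("UPDATE users SET name = %s WHERE id = %d",
                   sql_string($name, $link), (int) $id);
}

$link = mysql_connect('localhost', 'app_user', 'app_password'); // placeholders
if (!$link) {
    die('cannot connect: ' . mysql_error());
}
mysql_select_db('app', $link);

// Constructed sample inputs standing in for $_POST['id'] and $_POST['name']:
$inputs = array(
    array('id' => '42',        'name' => "O'Brien"),                    // legitimate
    array('id' => '42 OR 1=1', 'name' => 'x'),                          // attack via id
    array('id' => '7',         'name' => "x'; DROP TABLE users; --"),   // attack via name
);

foreach ($inputs as $in) {
    $sql = build_update($in['id'], $in['name'], $link);
    if ($sql === false) {
        echo "rejected id: {$in['id']}\n";
        continue;
    }
    echo "$sql\n";
    mysql_query($sql, $link) or die('query failed: ' . mysql_error($link));
}
```

The second input is rejected outright by the regex, and the third reaches the database only as an escaped string literal, which is the point of doing both steps. On PHP 5 with mysqli the whole of `build_update` collapses to `mysqli_prepare` plus `mysqli_stmt_bind_param`, with the driver doing the quoting.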