[nycphp-talk] mysqli exception problem
Michael Southwell
michael.southwell at nyphp.com
Mon Nov 5 20:34:57 EST 2007
Flavio daCosta wrote:
> This is a perfect example of why prepared statements are so much better
> for SQL injection avoidance than straight SQL calls.
Exactly why I'm working on understanding the mechanism behind it, so I
can explain it rather than just demonstrating it.
One last question: when affected_rows returns -1 (according to the docs)
it "indicates that the query returned an error." My example demonstrates
this by throwing an exception here:
if ( $demo -> affected_rows == -1 )
    throw new Exception ( "error trying to find wines with name “" . $param . '”' );
Where is the error that the query returned? It's not in $demo -> error.
> Hopefully helpful and not confusing ;-)
Very much so; many thanks.
--
=================
Michael Southwell
Vice President, Education
NYPHP TRAINING: http://nyphp.com/Training/Indepth