Just a quick question about binding in PHP.
I know if you do something like
$select = "update my_table set name ='".$posted_name."' where id=1";
and that is subject to SQL injection,
but how will you bind the query below?
$select = "update my_table set name ='".$posted_name[$a]."' where id=1";
In my bind array, this is how I am binding anything without [$a].
For example, with the first statement I am doing
$select = "update my_table set name =:p_update_name where id=1";
$bind_update = array('p_update_name' => $t_update_name);
Try like this:
$stmt = $dbh->prepare("INSERT INTO REGISTRY (name, value) VALUES (?, ?)");
$stmt->bindParam(1, $name);
$stmt->bindParam(2, $value);
// insert one row
$name = 'one';
$value = 1;
$stmt->execute();
You don't have to make all the names equal.
$select = "update my_table set name =:whatever where id=1";
$bind_update = array('whatever' => $random_variable);
will do. So it can be any variable you can think of, as long as it's a scalar variable, though.
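As an added example (not part of the question or either answer), this shows an array element such as $posted_name[$a] bound the same way as a plain variable, with an injection-style string stored as literal text. The SQLite in-memory database, the sample input, the update_names() helper and the bound :p_id placeholder are assumptions made for illustration.

```php
<?php
// Added example: table, column and variable names follow the question;
// the SQLite in-memory database and the sample input are constructed.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE my_table (id INTEGER PRIMARY KEY, name TEXT)');
$dbh->exec("INSERT INTO my_table (id, name) VALUES (1, 'old1'), (2, 'old2'), (3, 'old3')");

// Constructed stand-in for the posted array; the second element is an
// injection-style string and must end up stored as plain text.
$posted_name = array('alice', "x' OR '1'='1", 'carol');

// Hypothetical helper: bind one array element per execution.
function update_names(PDO $dbh, array $posted_name): int
{
    // Prepare once; the placeholder name is independent of the variable name.
    $stmt = $dbh->prepare(
        'UPDATE my_table SET name = :p_update_name WHERE id = :p_id'
    );
    $updated = 0;
    foreach (array_values($posted_name) as $a => $value) {
        if (!is_scalar($value)) {
            continue; // a nested array cannot be bound to a placeholder
        }
        // bindValue() copies the element's current value, so the array
        // element is bound exactly like a plain scalar variable.
        $stmt->bindValue(':p_update_name', (string) $value, PDO::PARAM_STR);
        // Assumption: row ids are 1..n in the order of the posted array.
        $stmt->bindValue(':p_id', $a + 1, PDO::PARAM_INT);
        $stmt->execute();
        $updated += $stmt->rowCount();
    }
    return $updated;
}

$count = update_names($dbh, $posted_name);
$rows = $dbh->query('SELECT id, name FROM my_table ORDER BY id')
            ->fetchAll(PDO::FETCH_KEY_PAIR);

echo "rows updated: $count\n";
print_r($rows); // the quote characters in row 2 are data, not SQL
```

bindValue() is used here instead of bindParam() because bindParam() binds by reference and reads the variable only at execute() time, which is easy to get wrong inside a loop over array elements.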