T
T
thehighhomie2017-03-20 17:40:27
PHP
thehighhomie, 2017-03-20 17:40:27

Escaping object properties in sql?

How to escape such variables $this->data['user_name'] in sql query? The date property is an array.
Tried $this->data['user_name'] and {$this->data['user_name']} and it still doesn't work.

Answer the question

In order to leave comments, you need to log in

5 answer(s)
K
Kirill Netesin, 2017-03-20
@thehighhomie

Look in the direction of php.net/manual/ru/pdostatement.execute.php, or if everything is really bad php.net/manual/ru/function.mysql-real-escape-string.php

T
trevoga_su, 2017-03-20
@trevoga_su

you need to learn php syntax first

A
Anton Anton, 2017-03-21
@Fragster

If it’s an array, then it won’t work directly, you need to construct an expression for IN, I once wrote a bug for PDO for this case (and for inserting several lines) pastebin.com/Lisnq0vE

D
Dmitry Eremin, 2018-01-17
@EreminD

because j++ is to first take the value (0), use it (write it to j), and then only increase
if you do

for (int i = 0; i < 10; i++) 
    j = ++j;
    // или j = j+1;
    // или j++
, get 10

D
Denis Zagaevsky, 2018-01-17
@zagayevskiy

In the chewed version, everything is clear, except for the last part, why j = z ?

Then, that is how the postfix increment operator is defined. Copy the value of the variable. Increment variable. Return the copied value. By this copying, the postfix increment (sh++) differs from the prefix increment (++sh).
The assignment is done at the very end, because it has a lower priority.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question