Comments on: Converting your PHP app to MySQLi prepared statements http://www.greebo.net/2010/01/02/converting-your-php-app-to-mysqli-prepared-statements/ mostly useless crap from me Sat, 24 Jul 2010 11:56:43 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: vanderaj http://www.greebo.net/2010/01/02/converting-your-php-app-to-mysqli-prepared-statements/comment-page-1/#comment-21432 vanderaj Sun, 31 Jan 2010 03:02:48 +0000 http://www.greebo.net/?p=495#comment-21432 MySQLi's fetch_array only works with results from the dangerous, unsafe at any speed, shoot yourself always mysqli_query(). Something we should all be avoiding. It does *not* work for prepared statements. That's why there's workarounds like this: http://php.net/manual/en/mysqli-stmt.fetch.php#82742 MySQLi’s fetch_array only works with results from the dangerous, unsafe at any speed, shoot yourself always mysqli_query(). Something we should all be avoiding.

It does *not* work for prepared statements. That’s why there’s workarounds like this:
http://php.net/manual/en/mysqli-stmt.fetch.php#82742

]]> By: Pons http://www.greebo.net/2010/01/02/converting-your-php-app-to-mysqli-prepared-statements/comment-page-1/#comment-21412 Pons Fri, 29 Jan 2010 09:21:05 +0000 http://www.greebo.net/?p=495#comment-21412 fetch array exists: http://www.php.net/manual/en/mysqli-result.fetch-array.php fetch array exists:
http://www.php.net/manual/en/mysqli-result.fetch-array.php

]]> By: Notable Tech Posts – 2010.01.10 | The Life of Lew Ayotte http://www.greebo.net/2010/01/02/converting-your-php-app-to-mysqli-prepared-statements/comment-page-1/#comment-21339 Notable Tech Posts – 2010.01.10 | The Life of Lew Ayotte Mon, 11 Jan 2010 03:06:40 +0000 http://www.greebo.net/?p=495#comment-21339 [...] Converting your PHP app to MySQLi prepared statements [...] [...] Converting your PHP app to MySQLi prepared statements [...]

]]> By: Ivan Zahariev http://www.greebo.net/2010/01/02/converting-your-php-app-to-mysqli-prepared-statements/comment-page-1/#comment-21324 Ivan Zahariev Tue, 05 Jan 2010 13:22:02 +0000 http://www.greebo.net/?p=495#comment-21324 I myself tend to always use MySQL prepared statements because of the security they provide against SQL injections. Note however, that before MySQL 5.1.17, prepared statements do not use the query cache (http://dev.mysql.com/doc/refman/5.1/en/query-cache-operation.html). PDO is another good alternative for PHP+prepared statements (http://php.net/manual/en/book.pdo.php). I myself tend to always use MySQL prepared statements because of the security they provide against SQL injections. Note however, that before MySQL 5.1.17, prepared statements do not use the query cache (http://dev.mysql.com/doc/refman/5.1/en/query-cache-operation.html).

PDO is another good alternative for PHP+prepared statements (http://php.net/manual/en/book.pdo.php).

]]> By: Greebo.net: Converting your PHP app to MySQLi prepared statements | Webs Developer http://www.greebo.net/2010/01/02/converting-your-php-app-to-mysqli-prepared-statements/comment-page-1/#comment-21314 Greebo.net: Converting your PHP app to MySQLi prepared statements | Webs Developer Mon, 04 Jan 2010 20:01:19 +0000 http://www.greebo.net/?p=495#comment-21314 [...] Greebo.net there’s a recent post that looks at converting the current database functionality in your application over to the MySQLi [...] [...] Greebo.net there’s a recent post that looks at converting the current database functionality in your application over to the MySQLi [...]

]]> By: Hari K T http://www.greebo.net/2010/01/02/converting-your-php-app-to-mysqli-prepared-statements/comment-page-1/#comment-21313 Hari K T Mon, 04 Jan 2010 06:33:38 +0000 http://www.greebo.net/?p=495#comment-21313 I think many of the sites are already running in PHP5. I have also found some are still sticking on PHP4 , may be because they don't worry about security :) . You can use mysqli_fetch_assoc . I think many of the sites are already running in PHP5. I have also found some are still sticking on PHP4 , may be because they don’t worry about security :) .

You can use mysqli_fetch_assoc .

]]> By: John Rockefeller http://www.greebo.net/2010/01/02/converting-your-php-app-to-mysqli-prepared-statements/comment-page-1/#comment-21310 John Rockefeller Mon, 04 Jan 2010 05:32:49 +0000 http://www.greebo.net/?p=495#comment-21310 Great article. I'm looking forward to the next one about PDO. It's surprising how many websites are not XSS or injection secure :( Great article. I’m looking forward to the next one about PDO. It’s surprising how many websites are not XSS or injection secure :(

]]> By: abcphp.com http://www.greebo.net/2010/01/02/converting-your-php-app-to-mysqli-prepared-statements/comment-page-1/#comment-21309 abcphp.com Mon, 04 Jan 2010 04:42:15 +0000 http://www.greebo.net/?p=495#comment-21309 <strong>Converting your PHP app to MySQLi prepared statements | cat slave diary...</strong> Okay, you’ve got like a zillion SQL queries in your PHP app, and probably 95% of them have a WHERE clause, and you need to make them safe so people will still download and use your app. Because if you don’t fix your injection issues, I will rain fire o... Converting your PHP app to MySQLi prepared statements | cat slave diary…

Okay, you’ve got like a zillion SQL queries in your PHP app, and probably 95% of them have a WHERE clause, and you need to make them safe so people will still download and use your app. Because if you don’t fix your injection issues, I will rain fire o…

]]>