Comments - WHERE usage in MariaDB

6 years, 5 months ago Brian Evans

Please do not build queries like this. It is error prone and unsafe. Instead use prepared statements. This looks to be PHP so you should do something like

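// $connection_string is the PDO DSN for your database
$pdo = new \PDO($connection_string);
// Placeholders (?) keep the values out of the SQL text
$query = "UPDATE users SET username = ?, password = ? WHERE id = ?";
$stmt = $pdo->prepare($query);
$stmt->execute(array($username, $password, $id));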

This code is safe from injections and easily shows the query. When you did it your way, you added an extra comma which was not as easily seen.

 
6 years, 5 months ago Konstantinos Xenos

Well spotted! Thanks Brian :)
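The difference between the two approaches discussed in this thread, as an added example that is not part of either comment: the same UPDATE is built once by string concatenation and once with placeholders, then run against constructed inputs. It assumes the pdo_sqlite extension, with an in-memory SQLite database standing in for MariaDB; the table contents and the function names `fresh_db`, `update_concat` and `update_prepared` are hypothetical.

```php
<?php
// Added example, not from the thread. SQLite in-memory stands in for MariaDB
// so it runs offline (assumes pdo_sqlite); table and values are constructed.
function fresh_db(): \PDO {
    $pdo = new \PDO('sqlite::memory:');
    $pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
    $pdo->exec("INSERT INTO users VALUES (1, 'alice', 'hash-a'), (2, 'bob', 'hash-b')");
    return $pdo;
}

// The pattern the comment warns against: values spliced into the SQL text.
function update_concat(\PDO $pdo, string $username, string $password, int $id): string {
    $sql = "UPDATE users SET username = '$username', password = '$password' WHERE id = $id";
    try {
        return $pdo->exec($sql) . " row(s) changed";
    } catch (\PDOException $e) {
        return "SQL error";
    }
}

// The pattern from the comment: placeholders, values sent separately.
function update_prepared(\PDO $pdo, string $username, string $password, int $id): string {
    $stmt = $pdo->prepare("UPDATE users SET username = ?, password = ? WHERE id = ?");
    $stmt->execute(array($username, $password, $id));
    return $stmt->rowCount() . " row(s) changed";
}

// Constructed inputs: an ordinary name containing an apostrophe, and a value
// whose quote characters would alter the statement if read as SQL.
$names = array("O'Brien", "x', password = 'y' WHERE 1=1 -- ");

foreach ($names as $name) {
    foreach (array('update_concat', 'update_prepared') as $fn) {
        $pdo = fresh_db();                       // start each run from the same two rows
        $result = $fn($pdo, $name, 'new-hash', 1);
        // Row 2 was never the target; any change to it means the WHERE clause was bypassed.
        $row2 = $pdo->query("SELECT username FROM users WHERE id = 2")->fetchColumn();
        printf("%-15s %-34s => %-17s id 2 is now %s\n",
               $fn, json_encode($name), $result, json_encode($row2));
    }
}
```

With the concatenated query the apostrophe in the first name produces a syntax error and the second value rewrites every row; with the prepared statement both values are stored literally and only the row with id 1 changes.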

 