are enterprising prepared statements bad? (with php + mysqli)


i conformity enterprising sql i confidence + softened opening prepared statements. i unequivocally wish enterprising prepared statements, complicated since bind_param bind_result accept "fixed" array arguments. i finished an eval() matter around problem. nonetheless i feeling bad idea. here's instance formula i mean



// array where conditions
$param = array('customer_id'=>1, 'qty'=>'2');
$stmt = $mysqli->stmt_init();

$types = ''; $bindparam = array(); $where = ''; $count = 0;

// build enterprising sql param bond conditions
foreach($param $key=>$val)
{
    $types .= 'i';
    $bindparam[] = '$p'.$count.'=$param["'.$key.'"]'; 
    $where .= "$key = ? ";
    $count++;
}

// prepared query -- name * t1 where customer_id = ? qty = ?
$sql = "select * t1 where ".substr($where, 0, strlen($where)-4);
$stmt->prepare($sql);

// arrange bind_param command
$command = '$stmt->bind_param($types, '.implode(', ', $bindparam).');';

// weigh management -- $stmt->bind_param($types,$p0=$param["customer_id"],$p1=$param["qty"]);
eval($command);


is final eval() matter bad idea? i attempted prevaricate formula injection encapsulating values behind non-static name $param.



does anyone have an opinion suggestions? there issues i need wakeful of?



Comments

Post a Comment

Popular posts from this blog

list macos calm editors formula editors

i searched found maudite's doubt text editors nonetheless windows. as have doubt guessed, i am perplexing out there any text/code editors mac besides i know of. i'll correct post consolidate editors listed. free textwrangler xcode mac vim aquamacs closer uncanny emacs jedit editra eclipse netbeans kod textmate2 - gpl brackets atom.io commercial textmate bbedit subethaedit coda sublime calm 2 smultron webstorm peppermint articles associated subject faceoff, best calm editor ever? maceditors.com, mac editors comforts compared thank everybody total suggestions.
Read more

how i practical urls indicate .aspx pages asp.net deployed an iis? (preferably but iis)

what's best proceed good purify url structure smoke-stack yield has? do i need iis this? there proceed i arrange mapping record asp .net? the site i wish hundreds pages, already deployed. i slight requires slightest volume changes possible. note: i do not wish suggestions urls friendly i do wish suggestions best control permitted urls emanate mappings. i fundamentally wish have any route ends aspx have aspx progression instead feeling folder an index.aspx inside it. -> edit: i'm controlling iis 6.0
Read more

jaxb - xjc - reworking generated typesafe enum category members

when compiling following simpletype xjc accumulate (from jaxb package)... <xs:simpletype name="test"> <xs:annotation> <xs:appinfo> <jaxb:typesafeenumclass/> </xs:appinfo> </xs:annotation> <xs:restriction base="xs:string"> <xs:enumeration value="4"> <xs:annotation> <xs:appinfo> <jaxb:typesafeenummember name="four"/> </xs:appinfo> </xs:annotation> </xs:enumeration> <xs:enumeration value="6"> <xs:annotation> <xs:appinfo> <jaxb:typesafeenummember name="six"/> </xs:appinfo> </xs:annotation> </xs:enumeration> </xs:restriction> </xs:simpletype> i finish adult following enum java (import statements comments removed) @xmlenum public ...
Read more