Pdo - Safest Way To Store A Link

[Necuima]

Hi Larry,

 

I am progressively updating all my websites to use PDO for database actions rather than escape_data/mySQLi.

 

Can you please recommend the safest way to store HTML links in a database table using PDO.

 

Do they first need to be urlencoded, say, and/or quoted?

 

I have searched via Google but have not found clear guidance (for my aged brain anyway).

 

My code sequence is:

1) create a new PDO

2) create (say) SELECT with placeholders

3) prepare

4) bind parameters and values (one by one for clarity)

5) execute

6) check for successful execution

 

all within a try/catch block

 

then null the PDO.

 

Looking forward to your advice.

 

Cheers from Oz.

[Necuima]

My question relates to INSERT and UPDATE operations so my details above might be a bit misleading.

 

For the 'binds' I also append the type specifier, e.g., PDO::PARAM_STR etc.

 

To check for rows affected I add PDO::MYSQL_ATTR_FOUND_ROWS => true to the PDO creation statement.

 

Hope that makes it clearer.

 

Cheers

[Larry]

Could you elaborate on where the HTML links are coming from (how they're being supplied) and the specific format? The safest option is to accept and store the URL and link title as two separate strings and then put them together in HTML using PHP. 

[Necuima]

Hi Larry,

 

I key the links in in a form - they just refer to a website for a member of a club that I'm the webmaster of. They are just HTML (<a ... etc ) so that if someone clicks the link, they will go to that website.

 

Someone else suggested just storing the link 'as is' in the database but applying htmlentities to it before echo-ing it to the page.

 

Again, thank you for your response and looking forward to your further advice.

 

Cheers

[Larry]

Yeah, I'd just take the URL and the link title as two separate strings, store them as separate strings (without any encoding), and then use PHP to make them as links when needed.

[Necuima]

Thanks, Larry.

 

Cheers from Oz.