Necuima Posted June 9, 2017 Share Posted June 9, 2017 Hi Larry, I am progressively updating all my websites to use PDO for database actions rather than escape_data/mySQLi. Can you please recommend the safest way to store HTML links in a database table using PDO. Do they first need to be urlencoded, say, and/or quoted? I have searched via Google but have not found clear guidance (for my aged brain anyway). My code sequence is: 1) create a new PDO 2) create (say) SELECT with placeholders 3) prepare 4) bind parameters and values (one by one for clarity) 5) execute 6) check for successful execution all within a try/catch block then null the PDO. Looking forward to your advice. Cheers from Oz. Link to comment Share on other sites More sharing options...
Necuima Posted June 9, 2017 Author Share Posted June 9, 2017 My question relates to INSERT and UPDATE operations so my details above might be a bit misleading. For the 'binds' I also append the type specifier, e.g., PDO::PARAM_STR etc. To check for rows affected I add PDO::MYSQL_ATTR_FOUND_ROWS => true to the PDO creation statement. Hope that makes it clearer. Cheers Link to comment Share on other sites More sharing options...
Larry Posted June 14, 2017 Share Posted June 14, 2017 Could you elaborate on where the HTML links are coming from (how they're being supplied) and the specific format? The safest option is to accept and store the URL and link title as two separate strings and then put them together in HTML using PHP. Link to comment Share on other sites More sharing options...
Necuima Posted June 16, 2017 Author Share Posted June 16, 2017 Hi Larry, I key the links in in a form - they just refer to a website for a member of a club that I'm the webmaster of. They are just HTML (<a ... etc ) so that if someone clicks the link, they will go to that website. Someone else suggested just storing the link 'as is' in the database but applying htmlentities to it before echo-ing it to the page. Again, thank you for your response and looking forward to your further advice. Cheers Link to comment Share on other sites More sharing options...
Larry Posted June 16, 2017 Share Posted June 16, 2017 Yeah, I'd just take the URL and the link title as two separate strings, store them as separate strings (without any encoding), and then use PHP to make them as links when needed. Link to comment Share on other sites More sharing options...
Necuima Posted June 17, 2017 Author Share Posted June 17, 2017 Thanks, Larry. Cheers from Oz. Link to comment Share on other sites More sharing options...
Recommended Posts