Larry Ullman's Book Forums

Hi Larry,

I am progressively updating all my websites to use PDO for database actions rather than escape_data/mySQLi.

Can you please recommend the safest way to store HTML links in a database table using PDO?

Do they first need to be urlencoded, say, and/or quoted?

I have searched via Google but have not found clear guidance (for my aged brain anyway).

My code sequence is:

1) create a new PDO
2) create (say) SELECT with placeholders
3) prepare
4) bind parameters and values (one by one for clarity)
5) execute
6) check for successful execution

all within a try/catch block

then null the PDO.

Looking forward to your advice.

Cheers from Oz.

My question relates to INSERT and UPDATE operations so my details above might be a bit misleading.

For the 'binds' I also append the type specifier, e.g., PDO::PARAM_STR etc.

To check for rows affected I add PDO::MYSQL_ATTR_FOUND_ROWS => true to the PDO creation statement.

Hope that makes it clearer.

Cheers

Could you elaborate on where the HTML links are coming from (how they're being supplied) and the specific format? The safest option is to accept and store the URL and link title as two separate strings and then put them together in HTML using PHP. 


Hi Larry,

I key the links in in a form - they just refer to a website for a member of a club that I'm the webmaster of. They are just HTML (<a ... etc ) so that if someone clicks the link, they will go to that website.

Someone else suggested just storing the link 'as is' in the database but applying htmlentities to it before echo-ing it to the page.

Again, thank you for your response and looking forward to your further advice.

Cheers
