Larry Ullman's Book Forums


Hi Larry,

 

I am progressively updating all my websites to use PDO for database actions rather than escape_data/mySQLi.

 

Can you please recommend the safest way to store HTML links in a database table using PDO?

 

Do they first need to be urlencoded, say, and/or quoted?

 

I have searched via Google but have not found clear guidance (for my aged brain anyway).

 

My code sequence is:

1) create a new PDO

2) create (say) SELECT with placeholders

3) prepare

4) bind parameters and values (one by one for clarity)

5) execute

6) check for successful execution

 

all within a try/catch block

 

then null the PDO.

 

Looking forward to your advice.

 

Cheers from Oz.


My question relates to INSERT and UPDATE operations so my details above might be a bit misleading.

 

For the 'binds' I also append the type specifier, e.g., PDO::PARAM_STR etc.

 

To check for rows affected I add PDO::MYSQL_ATTR_FOUND_ROWS => true to the PDO creation statement.

 

Hope that makes it clearer.

 

Cheers


Could you elaborate on where the HTML links are coming from (how they're being supplied) and the specific format? The safest option is to accept and store the URL and link title as two separate strings and then put them together in HTML using PHP. 


Hi Larry,

 

I key the links in in a form - they just refer to a website for a member of a club that I'm the webmaster of. They are just HTML (<a ... etc ) so that if someone clicks the link, they will go to that website.

 

Someone else suggested just storing the link 'as is' in the database but applying htmlentities to it before echo-ing it to the page.

 

Again, thank you for your response and looking forward to your further advice.

 

Cheers


Yeah, I'd just take the URL and the link title as two separate strings, store them as separate strings (without any encoding), and then use PHP to make them as links when needed.

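The approach recommended in the replies above, as an added example that is not part of the original thread: the URL and title are stored unencoded as two strings through a PDO prepared statement, and escaped only when the link is built for output. The table name `member_links`, the function names, the http/https scheme check and the in-memory SQLite connection (used so the code runs offline; the thread uses MySQL) are assumptions for illustration.

```php
<?php
// Assumption: in-memory SQLite so the example runs offline; the thread uses MySQL.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
// Hypothetical table: one column per string, nothing pre-encoded.
$pdo->exec('CREATE TABLE member_links (id INTEGER PRIMARY KEY, url TEXT NOT NULL, title TEXT NOT NULL)');

// Accept only absolute http(s) URLs; HTML escaping alone does not neutralise a javascript: link.
function isAllowedUrl(string $url): bool
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true);
}

// Store the raw strings; bound parameters keep them out of the SQL text.
function saveLink(PDO $pdo, string $url, string $title): bool
{
    if (!isAllowedUrl($url) || trim($title) === '') {
        return false;
    }
    $stmt = $pdo->prepare('INSERT INTO member_links (url, title) VALUES (:url, :title)');
    $stmt->bindValue(':url', $url, PDO::PARAM_STR);
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    return $stmt->execute();
}

// Escape at output time, for the HTML context each value lands in.
function renderLink(string $url, string $title): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return sprintf(
        '<a href="%s">%s</a>',
        htmlspecialchars($url, $flags, 'UTF-8'),
        htmlspecialchars($title, $flags, 'UTF-8')
    );
}

// Constructed sample input: one valid link, one rejected scheme.
saveLink($pdo, 'https://example.org/?a=1&b=2', 'Pat\'s <Garden> Club');
var_dump(saveLink($pdo, 'javascript:void(0)', 'rejected'));

foreach ($pdo->query('SELECT url, title FROM member_links') as $row) {
    echo renderLink($row['url'], $row['title']), PHP_EOL;
}
```

No `urlencode()` or manual quoting is applied before the INSERT; the stored values stay exactly as typed, so they can be escaped correctly for whatever context later displays them.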
