?s in the SQL serve as placeholders for values that are bound to the statement. When executed, ADO is executing (given your example):

    select * from table where val=10

You should be able to construct your insert SQL roughly as:

    INSERT INTO `table` (`col1`, `col2` ...) VALUES(?,?...)

Passing in your values (in the correct order) will render the appropriate query.
I currently have: "UPDATE x_ast_attr SET cust_val = '$attr' WHERE id='$this->assetid'" – Nic Hubbard Mar 4 '10 at 5:03
Using mysql_real_escape_string should do the trick too; it escapes the quotes automatically, after which you can insert data into the database. Consider this example:

    $str = 'Test string in db string content';
    $str_escaped = mysql_real_escape_string($str);

Now you can safely use the $str_escaped variable to insert data into the database. Furthermore, it is useful in preventing SQL injection attacks.
stackoverflow.com/questions/2353666/… – jasonbar Mar 2 '10 at 7:54

@jasonbar: could you be more specific? – Sarfraz Mar 2 '10 at 7:57

I mean, you just argued that mysql_real_escape_string() is not sufficient for preventing SQL injections. Now it is? This also doesn't address the question. – jasonbar Mar 2 '10 at 7:59

@jasonbar: I said "mysql_real_escape_string is not sufficient in all situations but it is definitely very good friend." You see I did not reject it totally, I said it is good too, it is a very good friend, and then I said but prepared statements were better. Hope that clarifies. – Sarfraz Mar 2 '10 at 8:01

@Sarfraz: He's actually using prepared statements here, though. I understand and agree with your position. Also, you have a typo "mysql-real-escape-string" – jasonbar Mar 2 '10 at 8:10
    function compile_binds($sql, $binds) {
        // Split the SQL on its ? placeholders (the start of this line was cut off
        // in the source; reconstructed from the comment below, which counts segments)
        $segments = explode('?', $sql);
        // The count of binds should be 1 less than the count of segments
        // If there are more bind arguments, trim them down
        if (count($binds) >= count($segments)) {
            $binds = array_slice($binds, 0, count($segments) - 1);
        }
        // Construct the bound query: escape each value and splice it between the segments
        $result = $segments[0];
        $i = 0;
        foreach ($binds as $bind) {
            $result .= mysql_real_escape_string($bind);
            $result .= $segments[++$i];
        }
        return $result;
    }

Then you could have a function:

    function query($sql, $binds) {
        global $db; // the ADOdb connection object
        return $db->Execute(compile_binds($sql, $binds));
    }

    $query = query('select * from table where val=?', array('10'));
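To tie the two answers above to the question (an INSERT of HTML that contains quotes), here is an added example that is not from any of the posts: it contrasts the interpolated UPDATE from the comments with the same statements done through ADOdb's bind array. It assumes `$db` is an already-open ADOdb connection to MySQL and that the `x_ast_attr` table has an `id` column and a `cust_val` column, as in the question.

```php
<?php
// Added example, not code from the original answers. Assumes an open ADOdb
// connection in $db (e.g. NewADOConnection('mysqli') followed by Connect()).
require_once 'adodb/adodb.inc.php'; // hypothetical include path for ADOdb

// Constructed sample value: HTML carrying both single and double quotes.
$html    = "<a href=\"/x\" title='It's here'>Click</a>";
$assetId = 42;

// The form from the comments: the value is interpolated into the SQL text.
// The apostrophe inside $html terminates the string literal, so the
// statement breaks, and any value that reaches this string can reshape it.
$unsafeSql = "UPDATE x_ast_attr SET cust_val = '$html' WHERE id='$assetId'";
// (left unexecuted on purpose; shown only for comparison)

// The bound form: ? placeholders in the SQL, values in a separate array.
// The SQL text never contains the data, so the quotes in $html are just data.
$insertSql = 'INSERT INTO x_ast_attr (id, cust_val) VALUES (?, ?)';
$updateSql = 'UPDATE x_ast_attr SET cust_val = ? WHERE id = ?';

// Bind values are matched to placeholders by position, left to right.
if ($db->Execute($insertSql, array($assetId, $html)) === false) {
    die('INSERT failed: ' . $db->ErrorMsg());
}
if ($db->Execute($updateSql, array($html, $assetId)) === false) {
    die('UPDATE failed: ' . $db->ErrorMsg());
}

// Reading it back also binds the WHERE value instead of concatenating it.
$rs = $db->Execute('SELECT cust_val FROM x_ast_attr WHERE id = ?', array($assetId));
if ($rs && !$rs->EOF) {
    // The stored HTML comes back verbatim, quotes intact.
    echo $rs->fields['cust_val'], "\n";
}
```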
I was told to use bind parameters so that I could insert text into my DB that had quotes in it. But I am pretty confused when it comes to how to do this; the commands seem confusing to me. So, if I had a PHP string that contained HTML, how would I insert this into my DB using bind parameters?

I wanted to INSERT it, how would I do this?