Parameter Array in sqlite3 world to achieve one-liner sql-injection safety #19237

Closed
@PiotrZ5

Description


Can we mimic how execute_query works in mysqli or sqlsrv_query in MsSqlServer?
https://www.php.net/manual/en/mysqli.execute-query.php
https://www.php.net/manual/en/function.sqlsrv-query.php

Can we implement this in sqlite3 world to achieve one-liner sql-injection safety?

$db = new SQLite3(':memory:');
$db->exec('CREATE TABLE myTable (id INTEGER PRIMARY KEY, a TEXT, b TEXT, c TEXT)');
$st = $db->execute_query('SELECT ?,?,?',['a','b','c']);

Or even extend query() and exec() functions with parameters array:

$st = $db->query('SELECT ?,?,?',['a','b','c']);
$st = $db->exec('UPDATE MyTable set a=?, b=? where c=?',['a','b','c']);

This is similar to request: #9814
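
The behaviour requested above can be approximated today with the existing `SQLite3::prepare()`, `SQLite3Stmt::bindValue()` and `SQLite3Stmt::execute()` methods. The following is an added example, not code from the issue or from php-src; the helper name `sqlite3_execute_query` is hypothetical and the input strings are constructed.

```php
<?php
// Added example: hypothetical userland helper, not part of ext/sqlite3.
// Prepares $sql, binds $params to its positional placeholders, returns all rows.
function sqlite3_execute_query(SQLite3 $db, string $sql, array $params = []): array
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->lastErrorMsg());
    }
    // Reject a mismatch early instead of silently binding NULL to a placeholder.
    if (count($params) !== $stmt->paramCount()) {
        $stmt->close();
        throw new InvalidArgumentException('parameter count mismatch');
    }
    // Positional placeholders are numbered from 1; with the type argument
    // omitted, bindValue() picks the SQLite type from the PHP type.
    foreach (array_values($params) as $i => $value) {
        $stmt->bindValue($i + 1, $value);
    }
    $result = $stmt->execute();
    if ($result === false) {
        throw new RuntimeException('execute failed: ' . $db->lastErrorMsg());
    }
    $rows = [];
    // Only fetch when the statement produces columns, so INSERT/UPDATE
    // statements are not stepped a second time by fetchArray().
    if ($result->numColumns() > 0) {
        while (($row = $result->fetchArray(SQLITE3_ASSOC)) !== false) {
            $rows[] = $row;
        }
    }
    $result->finalize();
    $stmt->close();
    return $rows;
}

$db = new SQLite3(':memory:');
$db->enableExceptions(true);
$db->exec('CREATE TABLE myTable (id INTEGER PRIMARY KEY, a TEXT, b TEXT, c TEXT)');
sqlite3_execute_query($db, 'INSERT INTO myTable (a, b, c) VALUES (?, ?, ?)', ['a', 'b', 'c']);

// Constructed input containing quote characters: it is bound as a value,
// so it is compared against column c literally and never parsed as SQL.
$untrusted = "c' OR '1'='1";
var_dump(count(sqlite3_execute_query($db, 'SELECT * FROM myTable WHERE c = ?', [$untrusted])));
var_dump(count(sqlite3_execute_query($db, 'SELECT * FROM myTable WHERE c = ?', ['c'])));
```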
