Recently, I just tried to be more secure by avoiding SQL Injection attack by using PDO::Prepare. It worked just fine except when I need to update a date field. It failed to update without warning.
Unlike the ODBC series, the PDO does not report database errors by default. It took me quite some time before I realize that the date has to be in "Y-m-d" format.
By the way, to get PHP to show the PDO error you can set
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$sql = "SELECT * FROM booksa";
$q = $conn->query($sql) or die("ERROR: " . implode(":", $conn->errorInfo())); 
No comments:
Post a Comment