(Ovid - security and bind variables) Re: Retrieval of ID# as Integer from MySQL

Select or download this

foo';DROP TABLE press_release;SELECT * FROM press_release WHERE header
+='foo

Select or download this

SELECT id FROM press_release WHERE header = 'foo';
DROP TABLE press_release;
SELECT * FROM press_release WHERE header='foo'

Select or download this

$header    = $dbh->quote( $header );

# note the *lack* of single quotes around $header
$header_id = $dbh->prepare("SELECT id FROM press_releases WHERE header
+ = $header");

Select Code to Download