134
seCure develoPment For mobIle APPs
PDO Unnamed Parameters Example
$stmt = $pdo->prepare("INSERT INTO
members (name, email, id)
VALUES (?, ?, ?)";
//bind variable to a parameter
//unnamed parameters are numbered by order
//in this case 1, 2, 3
//by binding to variable,
//if the variable changes, the parameter changes
$stmt->bindParam(1, $name, PDO::PARAM_STR);
$stmt->bindParam(2, $email, PDO::PARAM_STR);
$stmt->bindParam(3, $id, PDO::PARAM_INT);
//insert first set of variables bound
$name = "Kam"
$email = "chef@mobilesec.com";
$id = "5";
$stmt->execute();
//change value of variables
//insert new set of values with same query
$name = "Wendy"
$email = "beautifulness@mobilesec.com";
$id = "1";
$stmt->execute();
Again, three steps are performed. First, the SQ ...