NYCPHP Meetup

[Michael Southwell]

Flavio daCosta wrote:

> This is a perfect example of why prepared statements are so much better
> for SQL injection avoidance than straight SQL calls. 

Exactly why I'm working on understanding the mechanism behind it, so I 
can explain it rather than just demonstrating it.

One last question: when affected_rows returns -1 (according to the docs) 
it "indicates that the query returned an error." My example demonstrates 
this by throwing an exception here:
   if ( $demo -> affected_rows == -1 ) throw new Exception ( "error 
trying to find wines with name “" . $param . '”'  );

Where is the error that the query returned?  It's not in $demo -> error.

> Hopefully helpful and not confusing ;-)

Very much so; many thanks.

-- 
=================
Michael Southwell
Vice President, Education
NYPHP TRAINING:  http://nyphp.com/Training/Indepth