This course will be retired on June 1, 2025.
Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll
Start a free Courses trial
to watch this video
Whenever a piece of code receives input from somewhere else, whether that's directly from a site visitor or from code dealing with another concern, you want to filter or sanitize that input. We’ll use the built in PDO functionality to filter input as well, it is called a prepared statement.
Links
Documentation: PDO::prepare
Documentation: PDOStatement Class
Documentation: bindParam
Example Code
try {
$results = $db->prepare(
"SELECT title, category, img, format, year,
publisher, isbn, genre
FROM Media
JOIN Genres ON Media.genre_id=Genres.genre_id
LEFT OUTER JOIN Books
ON Media.media_id = Books.media_id
WHERE Media.media_id = ?"
);
$results->bindParam(1,$id,PDO::PARAM_INT);
$results->execute();
} catch (Exception $e) {
echo "bad query";
echo $e;
}
$item = $results->fetch(PDO::FETCH_ASSOC);
Related Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign upRelated Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign up
You need to sign up for Treehouse in order to download course files.
Sign upYou need to sign up for Treehouse in order to set up Workspace
Sign up