
I already have working code; however, this doesn't strip the data, and 90% of the data is untrusted. This is written inside an Object which extends the PDO Object.

```php
public function query(
    $statement, array $values = array()
) {
    $stmp = parent::Prepare($statement);
    return (empty($values)) ? $stmp->execute() : $stmp->execute($values);
}
```

Is there a way I can use bindParam() to do this using a for statement?

Jaquarh
  • By the way, you shouldn't return a boolean. Instead, you should return your statement variable, which you call "$stmp". So just make your code as `return $stmp->execute($values);` – Your Common Sense Jul 04 '16 at 03:22
  • so my code should look more like: `(empty($values)) ? $stmp->execute() : $stmp->execute($values); return $stmp;` ? I suppose that's better for debugging @YourCommonSense – Jaquarh Jul 07 '16 at 21:11
  • it should be just `return $stmp->execute($values);`. I don't understand what debugging you are talking about – Your Common Sense Jul 08 '16 at 03:28
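
An added example, not part of the original question or its comments: binding each value in a loop, with untrusted input kept out of the SQL text. `execute($values)` already sends every array element as a bound string parameter; the loop only adds explicit types, and it uses `bindValue()` because `bindParam()` binds a reference to the loop variable. The class name `Db`, the method `run()`, the `users` table and the in-memory SQLite database (requires `pdo_sqlite`) are assumptions made for the example.

```php
<?php
// Added example: Db, run() and the users table are hypothetical names.
class Db extends PDO
{
    public function run(string $sql, array $values = []): PDOStatement
    {
        $stmt = $this->prepare($sql);
        foreach ($values as $key => $value) {
            // Positional (?) placeholders are 1-indexed; named ones use the key.
            $param = is_int($key) ? $key + 1 : $key;
            // bindValue() copies the value now. bindParam() would bind a
            // reference to $value, so every placeholder would end up with
            // whatever the loop variable held last.
            $stmt->bindValue($param, $value, self::pdoType($value));
        }
        $stmt->execute();
        return $stmt; // return the statement so the caller can fetch from it
    }

    private static function pdoType($value): int
    {
        if (is_int($value))  return PDO::PARAM_INT;
        if (is_bool($value)) return PDO::PARAM_BOOL;
        if ($value === null) return PDO::PARAM_NULL;
        return PDO::PARAM_STR;
    }
}

$db = new Db('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, age INTEGER)');

// Constructed untrusted input: stored as data, never parsed as SQL.
$hostile = "x'); DROP TABLE users; --";
$db->run('INSERT INTO users (name, age) VALUES (?, ?)', [$hostile, 30]);
$db->run('INSERT INTO users (name, age) VALUES (:name, :age)',
         [':name' => 'bob', ':age' => 41]);

$rows = $db->run('SELECT name, age FROM users WHERE age > ?', [18])
           ->fetchAll(PDO::FETCH_ASSOC);

// Both rows exist and the hostile string round-trips unchanged.
var_dump(count($rows) === 2, $rows[0]['name'] === $hostile);
```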

0 Answers