by troels
4690 days ago
In a typical loosely typed language, such as PHP et al., just keep the query and the data separate. E.g.:

$params = array();
$sql = "select * from foobars where 1";
if (isset($_GET['name'])) {
    // the placeholder goes into the SQL text; the user-supplied value goes into $params
    $sql .= " and name = :name";
    $params[':name'] = $_GET['name'];
}
// $db is an existing PDO connection
$stmt = $db->prepare($sql);
$stmt->execute($params);
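The same pattern in Python with the standard-library sqlite3 module, as an added example that is not part of troels's comment: the advice is language-independent, and sqlite3 runs without a server so the behaviour can be checked offline. The table `foobars` with `name` and `role` columns, the three sample rows, and the `allowed` column allowlist are all constructed for this example. It goes one step past the comment by building several `and ... = :col` clauses from a dict and by placing the broken string-concatenation version alongside, so the difference on a hostile value is visible.

```python
import sqlite3

# Constructed sample data (not from the original comment).
ROWS = [
    ("alice", "admin"),
    ("bob", "user"),
    ("carol", "user"),
]


def make_db():
    """Create an in-memory database with a small foobars table."""
    db = sqlite3.connect(":memory:")
    db.execute("create table foobars (name text, role text)")
    db.executemany("insert into foobars values (?, ?)", ROWS)
    return db


def query_parameterized(db, filters):
    """Build the WHERE clause dynamically, but keep query text and data apart.

    filters maps column name -> value. Column names cannot be bound as
    parameters, so they are checked against a hypothetical allowlist before
    being spliced into the SQL text; the values never touch the SQL text at
    all, they travel in the params dict and are bound by the driver.
    """
    allowed = {"name", "role"}  # hypothetical allowlist of filterable columns
    sql = "select name, role from foobars where 1"
    params = {}
    for col, val in filters.items():
        if col not in allowed:
            raise ValueError(f"unknown column {col!r}")
        sql += f" and {col} = :{col}"   # placeholder in the text...
        params[col] = val               # ...value kept separate
    sql += " order by name"
    return db.execute(sql, params).fetchall()


def query_concatenated(db, filters):
    """The broken alternative: the value is pasted into the SQL text,
    so a value containing quotes changes the meaning of the query."""
    sql = "select name, role from foobars where 1"
    for col, val in filters.items():
        sql += f" and {col} = '{val}'"
    sql += " order by name"
    return db.execute(sql).fetchall()


if __name__ == "__main__":
    db = make_db()
    hostile = "' or '1'='1"
    print("parameterized:", query_parameterized(db, {"name": hostile}))
    print("concatenated: ", query_concatenated(db, {"name": hostile}))
```

With the hostile value, the parameterized query looks for a row whose name is literally `' or '1'='1` and returns nothing; the concatenated query has become `... and name = '' or '1'='1'` and returns every row.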