Databases: Why should I use prepared statements?

9 comments, last by Flyverse 8 years, 8 months ago

Another question: I read a bit more about prepared statements, and it seems you can't use them to verify table names etc. What should I do, then, if I let the user specify, for example, in which order he wants to sort the result? (I'm requesting this data per GET so the user can change it easily, and thus, until now, I just verified that the variable in question equals either "desc" or "asc"...)

And why not simply use mysql_escape_string (or something)? This is also a function that should include "prevention done by experts", so where is the advantage of prepared statements now, if you exclude performance?

EDIT: Never mind, found the answer to my second question on Google.
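The sort-order question above (identifiers such as column names and ASC/DESC cannot be bound as prepared-statement parameters) is usually handled by mapping the user's input onto a fixed allowlist and binding only the values. The example below is added here and is not code from the thread; it uses Python's sqlite3 module, and the `players` table, its columns and the sample rows are constructed for illustration.

```python
import sqlite3

# Allowlists: user input selects an entry; only the fixed right-hand strings
# are ever placed into the SQL text, so no user-controlled bytes reach the query.
SORT_COLUMNS = {"name": "name", "score": "score", "created": "created_at"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def is_allowed(sort_by: str, direction: str) -> bool:
    """True only if both GET parameters are on the allowlists (case-insensitive)."""
    return sort_by.lower() in SORT_COLUMNS and direction.lower() in SORT_DIRECTIONS


def build_query(sort_by: str, direction: str) -> str:
    """Build the SELECT; the ORDER BY parts come from the allowlists, never from input."""
    if not is_allowed(sort_by, direction):
        raise ValueError("unsupported sort parameter")
    column = SORT_COLUMNS[sort_by.lower()]
    order = SORT_DIRECTIONS[direction.lower()]
    # The WHERE value stays a bound parameter (?), as with any prepared statement.
    return f"SELECT name, score FROM players WHERE score >= ? ORDER BY {column} {order}"


def fetch_players(conn, min_score: int, sort_by: str = "score", direction: str = "desc"):
    """Run the query with the value bound separately from the (allowlisted) identifiers."""
    return conn.execute(build_query(sort_by, direction), (min_score,)).fetchall()


def demo_connection():
    """Constructed in-memory database with a few sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE players (name TEXT, score INTEGER, created_at TEXT)")
    conn.executemany(
        "INSERT INTO players VALUES (?, ?, ?)",
        [("alice", 30, "2015-01-01"), ("bob", 10, "2015-02-01"), ("carol", 20, "2015-03-01")],
    )
    return conn


if __name__ == "__main__":
    conn = demo_connection()
    print(fetch_players(conn, 15, "score", "desc"))
```

The same pattern applies with MySQL and PHP: the driver binds the value, and the application code, not an escaping function, decides which identifiers may appear.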

