> On 24 Jun 2021, at 17:16, Craig Francis <cr...@craigfrancis.co.uk> wrote:
>
> On Thu, 24 Jun 2021 at 10:55, Stephen Reay <php-li...@koalephant.com> wrote:
>
>> but still I have to keep asking: Why integers at all?
>>
>
>
> While I'm not a fan of this approach, there is a lot of existing code and
> tutorials that use:
>
> $sql = 'WHERE id IN (' . implode(',', array_map('intval', $ids)) . ')';
>
> $sql = sprintf('SELECT * FROM table WHERE id = %d;', intval($id));
>
> Craig
Yeah you’ve said this about a dozen times now. Parameterisation exists. Query
builders that do this already using parameterisation, exist.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
- Re: [PHP-DEV] [RFC] Name issue - is_literal/is_trusted Stephen Reay
- Re: [PHP-DEV] [RFC] Name issue - is_literal/is_trusted Scott Arciszewski
- Re: [PHP-DEV] [RFC] Name issue - is_literal/is_trusted Guilliam Xavier
- Re: [PHP-DEV] [RFC] Name issue - is_literal/is_trusted Scott Arciszewski
- Re: [PHP-DEV] [RFC] Name issue - is_literal/is_trusted Stephen Reay
- Re: [PHP-DEV] [RFC] Name issue - is_literal/is_trusted Scott Arciszewski
- Re: [PHP-DEV] [RFC] Name issue - is_literal/is_trusted Stephen Reay
- Re: [PHP-DEV] [RFC] Name issue - is_literal/is_trusted Kamil Tekiela
- Re: [PHP-DEV] [RFC] Name issue - is_literal/is_trusted Stephen Reay
- Re: [PHP-DEV] [RFC] Name issue - is_literal/is_trusted Craig Francis
- Re: [PHP-DEV] [RFC] Name issue - is_literal/is_trusted Stephen Reay
- Re: [PHP-DEV] [RFC] Name issue - is_literal/is_trusted Rowan Tommins
