jmercier jmercier - 1 year ago 115
MySQL Question

Is it secure to Store value in var for PDO PHP?

I wonder if it secure to store value for a prepared query like that :

$notGood = 'yes';
$req = $pdo->prepare('SELECT id_user, name_user, tel_user, a_valid_user FROM user WHERE a_valid_user = ?');

I do not know if it's the right way to do when you know in advance the value.
Thanks for your advices


Yes, as long as your variable is represented by a placeholder (?) in the query, it is safe.

In case you are curious whether it is secure or not to send a variable into execute, it's just a syntax sugar for bindValue(), which makes PDO extremely convenient in use. So I recommend to use it whenever possible.