There is a large benefit from the point of view of security. SQL
Injection is one of the more common vulnerabilities on the net, besides
XSS. It is likely that a query which does not use bound parameters is
vulnerable to SQL Injection. Properly escaping your variables is much
better than simply putting them in a query string but bound parameters,
IMHO, are the closest you can get to a guarantee of security when
building queries.
Kevin Schroeder
Technology Evangelist
Zend Technologies, Ltd.
www.zend.com
www.twitter.com/kpschrade
www.eschrade.com
-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of Grizzly Malchow
Sent: Monday, April 12, 2010 3:43 PM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] Calling a stored procedure from PHP, they can't
make this stuff any easier.
I never got into the habit of defining parameters and binding them. I'm
sure there are benefits, but it seems like less work to me to just build
the sql statement as a string and use db2_exec.
-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of Tom Deskevich
Sent: Monday, April 12, 2010 3:34 PM
To: 'Web Enabling the AS400 / iSeries'
Subject: [WEB400] Calling a stored procedure from PHP, they can't make
this stuff any easier.
I know I have asked about this in other posts, but am desperate.
I have never got an answer in my past posts.
I put about 20 hours into trying to call a stored procedure from the
as400 so far using PHP. I have tried i5_ commands and Db2_ commands. I
have googled till I am googley eyed. Of the handful of examples I have
found, none work.
I created the stored procedure with iseries navigator. I am assuming it
shortens the name because it is now called PROC_00001. But that object
has never been called. So I know my stored procedure call has
NEVER been successful.
Connection:
require_once('Connection.php');
try {
    $conn = new Connection();
} catch (Exception $e) {
    // Report the connection failure and stop
    echo "Failure to connect";
    echo $e->getMessage();
    die();
}
I do get past this with no errors.
The i5 and db2 examples are such a mess, I cannot really include them
because they have been changed so much to try to make them work, I am
not even sure how they started out.
Please help!
Thanks.
Tom Deskevich
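
The contrast drawn in the first message above, between a CALL built as a string and one that uses bound parameters, shown with the ibm_db2 functions; this is an added example, not code from any of the posters. The procedure MYLIB.CUST_BALANCE, its parameter list, the sample input and the connection values are assumptions made for illustration.

```php
<?php
// Added example. MYLIB.CUST_BALANCE is a hypothetical procedure:
//   CREATE PROCEDURE MYLIB.CUST_BALANCE
//       (IN NAME VARCHAR(50), OUT BALANCE DECIMAL(11,2))
// The connection values below are placeholders.
$conn = db2_connect('*LOCAL', 'MYUSER', 'MYPASSWORD');
if ($conn === false) {
    die('Connect failed: ' . db2_conn_errormsg());
}

// Constructed input: the single quote is ordinary data in a surname.
$name = "O'Brien";
$balance = 0.0;

// String-built form: the quote inside the data closes the SQL literal
// early, so everything after it is parsed as SQL instead of as a value.
// Printed only, never executed.
$built = "CALL MYLIB.CUST_BALANCE('" . $name . "', ?)";
echo "String-built statement: $built\n";

// Bound form: the statement text is fixed and contains only markers.
// The value travels separately and is never parsed as SQL.
$stmt = db2_prepare($conn, 'CALL MYLIB.CUST_BALANCE(?, ?)');
if ($stmt === false) {
    die('Prepare failed: ' . db2_stmt_errormsg());
}

// db2_bind_param takes the NAME of the PHP variable, not its value.
db2_bind_param($stmt, 1, 'name', DB2_PARAM_IN);
db2_bind_param($stmt, 2, 'balance', DB2_PARAM_OUT);

if (db2_execute($stmt) === false) {
    die('Call failed: ' . db2_stmt_errormsg($stmt));
}

// The OUT parameter is written back into $balance by db2_execute.
echo "Balance for $name: $balance\n";
db2_close($conn);
```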