Forum Discussion
PHP – Beginner PHP: SQL Injection
- 16 days ago
Hi MartinWard, thanks for getting in touch! Your code is close, but the lab is expecting a different style of prepared statement. The check will only pass when named parameters are used instead of the positional placeholders shown in your screenshot.
If you update it to follow the pattern in the briefing, it should pass. Feel free to send it over again if you want another pair of eyes. 🙂
Thanks Madeline - I've had another look at the briefing and it says:
"A prepared statement consists of a query template where some values are omitted and instead represented as question marks (?) or other predefined characters. These are called parameters or bind variables. The application then binds supplied values to the statement, which are safely escaped, formatted, and used to replace the bind variable placeholders."
Isn't that what I have already done?
I've replaced the values with ? and then bound the supplied values?
- MartinWard 16 days ago
Not to worry - I have solved it :-)
Thank you for the pointer
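
The two placeholder styles discussed in this thread, side by side, as an added example that is not taken from the lab, its briefing, or either poster's code. It assumes PHP's PDO with the `pdo_sqlite` extension so it runs offline; the table, columns and function names are hypothetical, and the inputs are constructed.

```php
<?php
// Added example: positional (?) versus named (:name) placeholders with PDO.
// Hypothetical schema and function names; in-memory SQLite, so nothing external is needed.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (username, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Positional style: values are matched to the ? marks purely by their order.
function findUserPositional(PDO $pdo, string $username, string $role): array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = ? AND role = ?');
    $stmt->execute([$username, $role]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Named style: values are matched by name, so the order of the bind calls does not matter.
function findUserNamed(PDO $pdo, string $username, string $role): array
{
    $stmt = $pdo->prepare(
        'SELECT id, username FROM users WHERE username = :username AND role = :role'
    );
    $stmt->bindValue(':role', $role, PDO::PARAM_STR);
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a legitimate username and a string containing SQL metacharacters.
$inputs = ['alice', "alice' OR '1'='1"];

foreach ($inputs as $input) {
    $positional = findUserPositional($pdo, $input, 'admin');
    $named = findUserNamed($pdo, $input, 'admin');
    // Both styles pass the value as data, so the second input is compared
    // literally against the username column instead of altering the query.
    printf(
        "%-20s positional rows=%d, named rows=%d\n",
        $input,
        count($positional),
        count($named)
    );
}
```

Both functions keep the user-supplied value out of the SQL text, so they behave the same against the constructed inputs; the difference is only in how values are matched to placeholders, and PDO does not allow the two styles to be mixed in one statement.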