Forum Discussion
PHP – Beginner PHP: SQL Injection
Hi
I cannot work out how to pass the checks for using a prepared statement.
I've looked at various guides and examples and the code I am submitting looks okay to me, but it will not pass the "Working" check.
4 Replies
- SamDickison
Community Manager
Hey MartinWard, sorry for the wait, I've requested some help from our team...
- MadelineDadamio
Community Support
Hi MartinWard, thanks for getting in touch! Your code is close, but the lab is expecting a different style of prepared statement. The check will only pass when named parameters are used instead of the positional placeholders shown in your screenshot.
If you update it to follow the pattern in the briefing, it should pass. Feel free to send it over again if you want another pair of eyes. 🙂
- MartinWard
Bronze II
Thanks Madeline - I've had another look at the briefing and it says
"A prepared statement consists of a query template where some values are omitted and instead represented as question marks (?) or other predefined characters. These are called parameters or bind variables. The application then binds supplied values to the statement, which are safely escaped, formatted, and used to replace the bind variable placeholders"
isn't that what I have already done?
I've replaced the values with ? then bound the supplied values?
- MartinWard
Bronze II
Not to worry - I have solved it :-)
Thank you for the pointer