I still write my queries like so:

$result = mssql_query("
    SELECT id, title FROM publication WHERE id = '$public_id'
");
while ($row = mssql_fetch_array($result)) {
    // Get image, issues
    $resultb = mssql_query("
        SELECT id, img FROM publication_issue WHERE publication_id = ".$row['id']."
    ");
    while ($rowb = mssql_fetch_array($resultb)) {
        echo '<a href="pubissue.php?id=',$rowb['id'],'" class="product" data-type="magazine" data-url="pubissue.php?id=',$rowb['id'],'" title="',$row['title'],'"><img src="/',$rowb['img'],'" alt="" height="125" width="89"></a>';
    }
}
PHP:

And I realise that this is quite insecure and that there are frameworks out there such as PDO and SQLi which are pretty much standard.

1. What would be the ideal framework to use with MSSQL?
2. Are there any distinct advantages/disadvantages between the above?
3. Are there any frameworks which enable you to securely run dynamic queries?

What I mean by #3 is having all queries running by single queries such as:

Select:
SELECT $select FROM $table $where_if_like
PHP:

Any suggestions are welcomed. Thanks.
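Added example, not part of the original thread: one way to get the "dynamic query" from question 3 with PDO, binding values as parameters and checking table and column names against an allowlist, since identifiers cannot be bound. The `safe_select` helper, the `ALLOWED` list and the sample rows are hypothetical, and an in-memory SQLite database stands in for MSSQL so the script runs offline.

```php
<?php
// Added example. Assumption: in-memory SQLite replaces the MSSQL server so
// this runs offline; with the pdo_sqlsrv driver only the DSN changes, e.g.
// "sqlsrv:Server=HOST;Database=DBNAME" (HOST and DBNAME are placeholders).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data using the table and column names from the post.
$pdo->exec("CREATE TABLE publication (id INTEGER PRIMARY KEY, title TEXT)");
$pdo->exec("CREATE TABLE publication_issue
            (id INTEGER PRIMARY KEY, publication_id INTEGER, img TEXT)");
$pdo->exec("INSERT INTO publication VALUES (1, 'Sample Monthly')");
$pdo->exec("INSERT INTO publication_issue VALUES (10, 1, 'img/a.jpg')");
$pdo->exec("INSERT INTO publication_issue VALUES (11, 1, 'img/b.jpg')");

// Hypothetical allowlist: $table and $columns are accepted only if they
// appear here verbatim, so they never carry caller-supplied SQL text.
const ALLOWED = [
    'publication'       => ['id', 'title'],
    'publication_issue' => ['id', 'publication_id', 'img'],
];

// Hypothetical helper for the "SELECT $select FROM $table $where" idea.
// $where maps column name => value and is combined with AND.
function safe_select(PDO $pdo, string $table, array $columns, array $where = []): array
{
    if (!array_key_exists($table, ALLOWED)) {
        throw new InvalidArgumentException('table not allowed');
    }
    foreach (array_merge($columns, array_keys($where)) as $col) {
        if (!in_array($col, ALLOWED[$table], true)) {
            throw new InvalidArgumentException('column not allowed');
        }
    }
    $sql = 'SELECT ' . implode(', ', $columns) . " FROM $table";
    if ($where) {
        $conds = array_map(fn($c) => "$c = ?", array_keys($where));
        $sql .= ' WHERE ' . implode(' AND ', $conds);
    }
    $stmt = $pdo->prepare($sql);           // SQL text contains only placeholders
    $stmt->execute(array_values($where));  // values are sent as bound parameters
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id, then a quote-breaking string that is
// compared as a plain value instead of being parsed as SQL.
print_r(safe_select($pdo, 'publication_issue', ['id', 'img'], ['publication_id' => 1]));
print_r(safe_select($pdo, 'publication', ['id', 'title'], ['id' => "1' OR '1'='1"]));
```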
I did try PDO but kept getting errors with driver not found. Looked into it and it looks like it's active in my phpinfo file: Couldn't get any further than that. :-(
<?php phpinfo(); ?>
Code (markup):

See if PDO is compiled/linked. Also, there are some nice PEAR SQL libraries.
The above was the PDO section of the phpinfo file. What do you mean by compiled/linked? I don't see anything that gives me any clue to this.
My error - I didn't see that PDO was in the info. (That means that it's compiled [if it's Linux] or linked [if it's Windows].) I'd say that my wife was talking to me when I made that post, but that's a copout - I have no idea why I missed it.
Do you have any idea why I may be getting a driver not found error? Quite annoying and I really need to switch to a more secure way of running queries.
It doesn't matter, simple problem was that I'm running Plesk on Windows Server 2008. PHP was already installed on the server, so I didn't realize that I was editing the wrong PHP configuration file. For anybody else who encounters this problem, all I had to do was go into: Edit the PHP configuration file and un-comment this line: