check this please
$user_id = (int)$_GET['user_id'];
$sql = 'DELETE FROM users WHERE user_id=:user_id';
$query = $db->prepare($sql);
$query->bindParam('user_id',$user_id,PDO::PARAM_STR);
$delete = $query->execute();
actually it is wokring prperly and it deletes the user row from database
but the question here is that i didn't write ':' that column in the bind query i mean
this should be wrong
$query->bindParam('user_id',$user_id,PDO::PARAM_STR);
this should be correct
$query->bindParam(':user_id',$user_id,PDO::PARAM_STR);
but it doesn't throw any exception and the user row is being deleted successfully
any explaination about this ?
This post explains why the use of the colon is needed.
Is the leading colon for parameter names passed to PDOStatement::bindParam() optional?
From the post:
No, since the documentation doesn't mention this I think it's safe to assume that this behaviour isn't officially supported and shouldn't be relied upon.
However, it does actually happen to work (in PHP 5.3.24 at least) - internally a colon will be added to the parameter if it's missing (see ext/pdo/pdo_stmt.c:363 in the PHP 5.3.24 source code).
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments