Question
boogerjones
I have the following code:
// $db is a PDO object connecting to a MySQL server using the MySQL Native Driver on PHP 5.3.2 running on Ubuntu
$stmt = $db->prepare("SELECT passhash FROM users WHERE username=:user LIMIT 1");
$stmt->bindParam(":user", $username);
$stmt->execute();
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
How do I get the actual SQL query that gets prepared and/or executed (in other words, the result of placing the escaped $username variable into the SQL query text)? Obviously I could escape the SQL myself, but that would obviate the benefits of using prepared statements. I looked through the PHP docs and was surprised that this kind of functionality isn't built in; it would be a very useful debug tool.
I'm compiling PHP from source, so I suppose I could theoretically hack such a function in there myself, but that sounds dangerous.
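An added example, not part of the original post: with server-side prepares the statement text and the bound values reach the server separately, so the closest debug view is the template and the bound values logged side by side, without building an interpolated SQL string. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, `describeStatement()` is a hypothetical helper, and the table row and input value are constructed.

```php
<?php
// Added example, not from the original post. SQLite in memory stands in
// for the MySQL server (assumption) so the script runs without a network.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT, passhash TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 'constructed-hash')");

/**
 * Hypothetical helper: describe a prepared statement for a debug log.
 * The template and the values are kept separate on purpose, mirroring
 * how a prepared statement keeps data out of the SQL text.
 */
function describeStatement(PDOStatement $stmt, array $params)
{
    // debugDumpParams() prints to output, so capture it in a buffer.
    ob_start();
    $stmt->debugDumpParams();
    $dump = ob_get_clean();

    return "template: " . $stmt->queryString . "\n"
         . "bound:    " . json_encode($params) . "\n"
         . "driver dump:\n" . $dump;
}

// Constructed input containing SQL metacharacters.
$username = "x' OR '1'='1";

$stmt = $db->prepare("SELECT passhash FROM users WHERE username=:user LIMIT 1");
$stmt->bindParam(":user", $username);
$stmt->execute();
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);

// The value is compared as data against the username column; it is never
// parsed as part of the SQL text, so the template above is what was prepared.
echo describeStatement($stmt, array(":user" => $username));
echo "rows returned: " . count($results) . "\n";
```

Treat the resulting log as sensitive, since it records the bound values verbatim.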