At best, any rogue quotes within a given
string might cause the SQL execution to fail, while at worst, purposeful malicious SQL code may be
passed resulting in dire consequences for your data.
dbName() and lastInsertId()
dbName and lastInsertId may as well be getter methods, as they perform no actual calculation and
exist only to return a value. The dbName method simply provides a static string depicting the type of
database server. This, currently, can be SQLite, MySQL or PostgreSQL. The point of this method is so you
can compare it against a literal representation of these values in a conditional expression so as to
determine the database type that a Connection instance is associated with.
The lastInsertId method is useful when you wish to retain the record id of the last inserted record.
For example, it could be that you want to add a record to a table, but also insert several other records to
look up tables that rely on the first records id. To do this, you could simply store the return value from
lastInsertId into a variable, and use the variable in each further relative insert.
Pages:
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552