j4mie / idiorm

A lightweight nearly-zero-configuration object-relational mapper and fluent query builder for PHP5.
http://j4mie.github.com/idiormandparis/

Uses prepared statements throughout to protect against SQL injection attacks #104

Closed irut closed 11 years ago

irut commented 11 years ago

I have a problem: from the PHP manual, prepared statements example 2 (Repeated inserts using prepared statements):

$stmt = $dbh->prepare("INSERT INTO REGISTRY (name, value) VALUES (:name, :value)");
$stmt->bindParam(':name', $name);
$stmt->bindParam(':value', $value);

// insert one row
$name = 'one';
$value = 1;
$stmt->execute();

and with idiorm?

$person = ORM::for_table('REGISTRY')->create();
// insert one row
$person->name = 'one';
$person->value = 1;
$person->save();

treffynnon commented 11 years ago

Sorry, but what is the question?

irut commented 11 years ago

I'm sorry, I forgot the question mark :( I have edited my post. Also, how do prepared statements work with idiorm? Does it work only with raw_query? Thanks and sorry.

treffynnon commented 11 years ago

I still don't understand exactly what you are asking, but I will try to answer.

All queries built using Idiorm automatically use prepared statements. So yes when you execute:

$person = ORM::for_table('REGISTRY')->create();
// insert one row
$person->name = 'one';
$person->value = 1;
$person->save();

You are protected by prepared statements that Idiorm builds in the background for you.

I hope that makes sense and answers your question.

irut commented 11 years ago

You've got to the centre of my problem, thanks. In the Features section https://github.com/j4mie/idiorm#features, the fourth point says: "Uses prepared statements throughout to protect against SQL injection attacks". I had understood that it was necessary to do... Sorry, and congratulations on the project.

treffynnon commented 11 years ago

Because it is using prepared statements to build queries in the background for you. It makes it easier to use prepared statements by abstracting them through a more convenient interface. That is the whole point of Idiorm.
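To make the answer above concrete, here is an added example (not code from the thread or from the Idiorm project itself) that maps the PHP-manual INSERT onto Idiorm and then runs a lookup on an untrusted value through `where()` and through `raw_query()`, so you can see that both paths hand the value to PDO as a bound parameter. It assumes `idiorm.php` is on the include path and uses an in-memory SQLite database so it runs without a server.

```php
<?php
// Added example, not part of the original issue. Assumes idiorm.php is
// available and PDO's sqlite driver is installed.
require_once 'idiorm.php';

ORM::configure('sqlite::memory:');
ORM::configure('logging', true); // keep a log of the queries Idiorm executes
ORM::get_db()->exec(
    'CREATE TABLE registry (id INTEGER PRIMARY KEY, name TEXT, value INTEGER)'
);

// The manual's "repeated inserts" example, the Idiorm way: save() prepares an
// INSERT with placeholders and binds each property value; no bindParam() needed.
foreach (array('one' => 1, 'two' => 2) as $name => $value) {
    $row = ORM::for_table('registry')->create();
    $row->name = $name;
    $row->value = $value;
    $row->save();
}

// Constructed untrusted input of the kind that would change the meaning of a
// query assembled by string concatenation. Through where() it is only ever a
// bound value compared against the column, so no row matches.
$untrusted = "' OR 1=1 --";
$hit = ORM::for_table('registry')->where('name', $untrusted)->find_one();
var_dump($hit === false); // bool(true): find_one() returns false on no match

// A legitimate lookup takes exactly the same code path.
$one = ORM::for_table('registry')->where('name', 'one')->find_one();
echo $one->value, "\n"; // 1

// raw_query() is "raw" only in its SQL text; values still go in as parameters.
$rows = ORM::for_table('registry')
    ->raw_query('SELECT * FROM registry WHERE value >= ?', array(2))
    ->find_many();
echo count($rows), "\n"; // 1

// The log shows the last statement Idiorm built. Idiorm substitutes the bound
// values into the logged text for readability; what PDO received had the
// placeholders, which is the protection the feature list refers to.
echo ORM::get_last_query(), "\n";
```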