I'm reading sitepoint's book PHP & MySQL Novice to Ninja and I'm wondering why he takes an extra step.
My SQL query is
try
{
$sql = 'SELECT * FROM trazooevents WHERE county = :county';
$s = $pdo->prepare($sql);
$s->bindValue(':county', $_POST['search_term']);
$s->execute();
include 'events.inc.php';
}
and in my include
<?php foreach ($s as $row): ?>
<li class="db-headline"><?php echo htmlspecialchars($row['eventname'], ENT_QUOTES, 'UTF-8'); ?></li>
// etc.
<?php endforeach; ?>
and it works perfectly fine. In the book Kevin Yank adds an extra step similar to:
foreach ($result as $row)
{
$events[] = array(
'eventname' => $row['eventname'],
'eventdetails' => $row['eventdetails'],
'weburl' => $row['weburl'],
'imagename' => $row['imagename'],
'expireson' => $row['expireson']
);
}
Does he do this to just get an index label or is there some security issue I don't know?
