ansaurus

Question

Answer 1

+4 A:

There are two great examples on the pdo::prepare() documentation.

I have included them here and simplified them a bit.

This one uses ? parameters. $dbh is basically a pdo class. And what you are doing is putting the values 150 and 'red' into the first and second question mark respectively.

/* Execute a prepared statement by passing an array of values */
$sth = $dbh->prepare('SELECT name, colour, calories
    FROM fruit
    WHERE calories < ? AND colour = ?');

$sth->execute(array(150, 'red'));

$red = $sth->fetchAll();

This one uses named parameters and is a bit more complex.

/* Execute a prepared statement by passing an array of values */
$sql = 'SELECT name, colour, calories
    FROM fruit
    WHERE calories < :calories AND colour = :colour';

$sth = $dbh->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
$sth->execute(array(':calories' => 150, ':colour' => 'red'));

$red = $sth->fetchAll();

Ólafur Waage 2009-09-21 22:07:43

in your 2 examples, is 1 better then the other?

jasondavis 2009-09-21 22:11:01

For simple queries, the ? is fine. But note that prepared statements will add a quote around every value. Wherein the 2nd example, you can state that one value is a number and the other value is a string. (though it's not shown here)

Ólafur Waage 2009-09-21 22:12:57

Just depends what you want to do with it... If you want to use the same value more than once, then you should used named parameters. This is because if you use ?'s, it simply inserts them in the order they appear. If you used the named parameters, then you can use them more than once. The ?'s are just a more condensed version for simpler queries. One doesn't have an advantage over the other in any other way.

BraedenP 2009-09-21 22:19:14

Forgive my ignorance, but where abouts should I be using the prepared statement? Should I be declaring it in some kind of database layer or is it fine to use it inline like in the above examples?

Hanpan 2009-09-22 07:38:09

You can do either. You can start with inline stuff like this to get comfortable with and then create an abstraction for yourself later on.

Ólafur Waage 2009-09-22 09:25:13

Thanks very much for the help. I setup a singleton which extends PDO (I know, please don't shoot me) and it's working nicely. It's a shame I have to create a singleton, because I am only using it for creating the connection and altering the query method to allow for dynamic table prefix.

Hanpan 2009-09-22 10:09:28

Use it while it works, if you find a better way later on, then do that :)

Ólafur Waage 2009-09-22 13:49:17

Answer 2

A:

This is an excellent guide to basic PDO operations: kitebird.com

Alex JL 2009-11-03 18:50:59

ansaurus

tags:

views:

answers:

PHP PDO prepared statements

related questions