How to bind SQL variables in Php? I want to bind variables instead of just building SQL strings. Anyway to do this in Php?
either MySQL or PostgreSQL answers would help.
Thanks
+2
A:
There's e.g. PDO.
An introduction to pdo and prepared statements (including bound parameters) is located at http://docs.php.net/pdo.prepared-statements
VolkerK
2009-12-07 14:01:28
carefull with PDO::bindParam: http://stackoverflow.com/questions/833510/php-pdobindparam-data-types-how-does-it-work
DaNieL
2009-12-14 13:21:29
+2
A:
There are a couple of flavors. I believe the more savvy individuals here will push for you to use PDO prepared statements. There is also a sprintf() version.
PDO
An answer has already been discussed on StackOverflow here.
SPRINTF
$sql = sprintf('SELECT * FROM table WHERE id = %d AND field = %s',
$id,
mysql_real_escape_string($value));
cballou
2009-12-07 14:02:37
+2
A:
You should read on the MySQL Improved Extension (MySQLi) at http://php.net/manual/en/book.mysqli.php , and on prepared statements
sp
2009-12-07 14:03:21
+1
A:
For Postgres specifically - pg_query_params (and pg_send_query_params) is the most primitive form of binding but still very useful.
And then there's PDO but the others already mentioned it.
Milen A. Radev
2009-12-07 14:12:28