views: 126
answers: 2
I am having problems using stored procedures. Making a call to a stored procedure is not working for me, so I replaced the stored procedure with an SQL statement. But now I have some stored procedures which receive parameters. For example:

CREATE PROCEDURE get_category_details_proc(IN incat_id INT)
BEGIN
    -- `desc` is a reserved word in MySQL, so it has to be quoted to be used as a column name
    SELECT name, `desc`
    FROM category
    WHERE cat_id = incat_id;
END

How can I replace this by using simply sql statements?

Please see my previous question for more details.

I already have this function in my database connection class:

public static function GetRow($sqlQuery, $params = null, $fetchStyle = PDO::FETCH_ASSOC)
{
    $result = null;
    try
    {
        $database_handler = self::GetHandler();
        // prepare() + execute() keeps the parameter values separate from the SQL text
        $statement_handler = $database_handler->prepare($sqlQuery);
        $statement_handler->execute($params);
        $result = $statement_handler->fetch($fetchStyle);
    }
    catch(PDOException $e)
    {
        self::Close();
        trigger_error($e->getMessage(), E_USER_ERROR);
    }
    return $result;
}

And in another class where I am actually calling the stored procedures I have:

public static function GetCategoryDetails($categoryID)
{
    // the SQL has to be a string literal; the quotes were missing here
    $sql = 'CALL get_category_details_proc(:category_id)';
    $params = array(':category_id' => $categoryID);
    return DatabaseHandler::GetRow($sql, $params);
}
+2  A: 

Use a Prepared statement like the following:

$pdo = new PDO(...);
// `desc` is a reserved word, so it is quoted here
$statement = $pdo->prepare('SELECT name, `desc` FROM category WHERE cat_id = ?');
$statement->execute(array(10)); // incat_id
$rows = $statement->fetchAll();
Allain Lalonde
Thanks for your replies. I have included some more code so that you can help me.
chupinette
A: 

You could just build the query string with concatenation, but as Rick mentions below, make sure to cast/validate. Always sanitize all external inputs: use mysql_real_escape_string, or better still, prepared statements.

// $incat_id must already have been cast/validated as an integer before it is concatenated
$query = "select name, `desc` FROM category where cat_id = " . $incat_id;

Then pass that into the PHP mysql_query

// mysql_query() belongs to the legacy mysql extension (removed in PHP 7)
$result = mysql_query($query);
Jason Rowe
I won't down-vote, but you should caution to only do this for numbers that have been cast/validated.
rick
Sorry, didn't see the PDO tag in the question, and yeah, probably not the best solution.
Jason Rowe
By the way, you have an extra quote at the end.
rick
Thanks again for the help in cleaning my PHP mess up
Jason Rowe
Thanks! I am going to try what Jason suggested.
chupinette
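Putting the two answers together, here is an added example (not code from the question or from either answer) of replacing `CALL get_category_details_proc(:category_id)` with a parameterised SELECT in the shape of the question's `GetRow` wrapper. It runs against an in-memory SQLite database so it needs no MySQL server; the table rows, and the helper names `makeDatabase`, `getRow`, `getCategoryDetails` and `getCategoryDetailsConcat`, are constructed for this demonstration. The last function is the concatenation style from the second answer with the cast Rick asked for, shown beside the prepared-statement version so the difference in input handling is visible.

```php
<?php
// Added example (not from the question or either answer): the stored procedure
// get_category_details_proc replaced by a parameterised SELECT, in the shape of
// the question's GetRow wrapper. Runs on an in-memory SQLite database so that no
// MySQL server is needed; the table contents are constructed for the demonstration.
declare(strict_types=1);

// Constructed test database with the table the procedure reads.
function makeDatabase(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // `desc` is a reserved word (in MySQL and in SQLite), so it is quoted everywhere.
    $pdo->exec('CREATE TABLE category (cat_id INTEGER PRIMARY KEY, name TEXT, `desc` TEXT)');
    $insert = $pdo->prepare('INSERT INTO category (cat_id, name, `desc`) VALUES (:id, :name, :desc)');
    foreach ([[1, 'Books', 'Printed things'], [2, 'Music', 'Recorded things']] as [$id, $name, $desc]) {
        $insert->execute([':id' => $id, ':name' => $name, ':desc' => $desc]);
    }
    return $pdo;
}

// Hypothetical stand-in for DatabaseHandler::GetRow from the question: the same
// prepare/execute/fetch flow, with the connection passed in instead of a static handler.
function getRow(PDO $pdo, string $sqlQuery, ?array $params = null, int $fetchStyle = PDO::FETCH_ASSOC)
{
    $statement = $pdo->prepare($sqlQuery);
    $statement->execute($params);      // values travel as bound parameters, not as SQL text
    $row = $statement->fetch($fetchStyle);
    return $row === false ? null : $row;
}

// Plain-SQL replacement for CALL get_category_details_proc(:category_id).
// The procedure declared its parameter as INT, so the same contract is enforced here.
function getCategoryDetails(PDO $pdo, $categoryId): ?array
{
    $id = filter_var($categoryId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;                   // not an integer: refuse before any SQL runs
    }
    $sql = 'SELECT name, `desc` FROM category WHERE cat_id = :category_id';
    return getRow($pdo, $sql, [':category_id' => $id]);
}

// The concatenation style of the second answer, with the cast Rick asks for.
// (int) never lets a non-numeric string reach the SQL, but it silently turns
// "2abc" into 2 instead of rejecting it, which is why the validating version
// above is the better replacement.
function getCategoryDetailsConcat(PDO $pdo, $categoryId): ?array
{
    $id = (int) $categoryId;
    return getRow($pdo, 'SELECT name, `desc` FROM category WHERE cat_id = ' . $id);
}

$pdo = makeDatabase();
var_dump(getCategoryDetails($pdo, 2));            // integer id, as the procedure expected
var_dump(getCategoryDetails($pdo, '2'));          // numeric string: passes FILTER_VALIDATE_INT
var_dump(getCategoryDetails($pdo, '2abc'));       // fails FILTER_VALIDATE_INT, so no query is run
var_dump(getCategoryDetailsConcat($pdo, '2abc')); // (int) "2abc" is 2, so this one still queries
var_dump(getCategoryDetails($pdo, 99));           // valid integer with no matching category
```

With the question's own `DatabaseHandler` on MySQL, the same `$sql` string and `$params` array can be passed straight to `DatabaseHandler::GetRow`. On the MySQL driver it is worth setting `PDO::ATTR_EMULATE_PREPARES` to `false` on the connection, so that the placeholder is sent to the server and bound there rather than interpolated client-side by PDO.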