views: 102
answers: 2
// Every request value is pasted straight into the SQL text, unquoted and unescaped,
// so a single quote in $_POST['url'] or $_POST['title'] rewrites the statement itself.
$dml = "insert into bookmark(accountId,category,url,hash,title,created) value($_SESSION[accountId],$_POST[category],'$_POST[url]',md5('$_POST[url]'),'$_POST[title]',now())";

mysql_query($dml,$con);

How do I do this statement using prepared statements in PDO?

+2  A: 
// Named placeholders stand in for every request value; the SQL text itself never
// contains user input. MD5() and NOW() still run on the database server.
$dml = $db->prepare("INSERT INTO bookmark (accountId, category, url, hash, title, created) VALUES (:account_id, :category, :url, MD5(:url), :title, NOW());");

// bindParam binds by reference; the value is read when execute() runs.
$dml->bindParam(':account_id', $_SESSION['accountId']);
$dml->bindParam(':category', $_POST['category']);
// :url appears twice (url and MD5(:url)). PDO only allows a named placeholder to be
// reused when prepared-statement emulation is on, which is pdo_mysql's default.
$dml->bindParam(':url', $_POST['url']);
$dml->bindParam(':title', $_POST['title']);

$dml->execute();
Brock Batsell
+2  A: 
$dml = "INSERT INTO bookmark (accountId, category, url, hash, title, created) "
    . "VALUES (:accountId, :category, :url, MD5(:url), :title, NOW())";
$statement = $pdo->prepare($dml);
// Passing the values to execute() binds each one as a string; the driver (or PDO's
// emulation layer) keeps them separate from the statement text. Note that :url is
// used twice, which PDO permits only while prepared-statement emulation is on.
$parameters = array(
    ":accountId" => $_SESSION["accountId"],
    ":category" => $_POST["category"],
    ":url" => $_POST["url"],
    ":title" => $_POST["title"]);
$statement->execute($parameters);
Adrian
It will automatically quote the string, right?
PDO will handle escape and quoting as needed.
acrosman
@user198729: quoting is only necessary if the underlying driver has to simulate prepared statements. Generally speaking, values are sent separate from the statement, so there's no confusion between where a value ends and the rest of the statement begins.
outis
Can you be more specific about when quoting is necessary?
outis
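The difference the two answers and outis's comment describe, shown side by side as an added example (this is not code from the question or from either answer). It runs against an in-memory SQLite database so it works without a MySQL server; the table mirrors the question's bookmark table. SQLite has no MD5() or NOW(), so the hash is computed in PHP and CURRENT_TIMESTAMP stands in for NOW(); those substitutions, the constructed hostile input and the function names are assumptions made here. The interpolating version is a port of the question's query, the bound version follows the answers.

```php
<?php
// Added example, not code from the question or the answers. Uses an in-memory
// SQLite database (assumption: SQLite instead of MySQL) so it runs offline;
// MD5() is therefore computed in PHP and CURRENT_TIMESTAMP replaces NOW().
declare(strict_types=1);

function openDb(): PDO
{
    // For pdo_mysql, passing [PDO::ATTR_EMULATE_PREPARES => false] as the
    // constructor options turns off client-side emulation, so bound values are
    // sent to the server separately from the statement text. pdo_sqlite always
    // uses native prepares, so no option is needed here.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE bookmark (
        id INTEGER PRIMARY KEY,
        accountId INTEGER, category INTEGER,
        url TEXT, hash TEXT, title TEXT, created TEXT)');
    return $db;
}

// The pattern from the question: request values are pasted into the SQL text,
// so whatever the client sends becomes part of the statement, not data.
function insertUnsafe(PDO $db, int $accountId, int $category, string $url, string $title): void
{
    $dml = "INSERT INTO bookmark(accountId,category,url,hash,title,created)"
         . " VALUES($accountId,$category,'$url','" . md5($url) . "','$title',CURRENT_TIMESTAMP)";
    $db->exec($dml);
}

// The answers' pattern: the SQL text is fixed and every value is bound. With
// native prepares the driver receives the values apart from the statement; with
// emulated prepares PDO quotes them client-side. Either way a value cannot
// change the structure of the statement.
function insertSafe(PDO $db, int $accountId, int $category, string $url, string $title): void
{
    $stmt = $db->prepare(
        'INSERT INTO bookmark (accountId, category, url, hash, title, created)
         VALUES (:accountId, :category, :url, :hash, :title, CURRENT_TIMESTAMP)'
    );
    // One placeholder per value: reusing :url inside MD5(:url), as the answers
    // do, is only permitted by PDO when emulation mode is on.
    $stmt->bindValue(':accountId', $accountId, PDO::PARAM_INT);
    $stmt->bindValue(':category', $category, PDO::PARAM_INT);
    $stmt->bindValue(':url', $url, PDO::PARAM_STR);
    $stmt->bindValue(':hash', md5($url), PDO::PARAM_STR);
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->execute();
}

function countRows(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM bookmark')->fetchColumn();
}

// Constructed hostile input: closes the url literal, completes the INSERT with
// filler values, appends a second statement, and comments out the remainder.
$hostile = "x','h','t',0); DELETE FROM bookmark; -- ";

$db = openDb();
insertSafe($db, 1, 2, 'http://example.com/', 'Example');
try {
    // A plain apostrophe is enough to break the interpolated statement.
    insertUnsafe($db, 1, 2, 'http://example.com/', "O'Reilly");
} catch (PDOException $e) {
    echo "unsafe insert with an apostrophe failed: ", $e->getMessage(), "\n";
}
insertUnsafe($db, 1, 2, $hostile, 'harmless title');
// The injected DELETE has run: the table is now empty.
printf("rows after unsafe insert: %d\n", countRows($db));

$db = openDb();
insertSafe($db, 1, 2, 'http://example.com/', 'Example');
insertSafe($db, 1, 2, $hostile, "O'Reilly");
// Both rows are present; the hostile string and the apostrophe are stored verbatim.
printf("rows after safe insert: %d\n", countRows($db));
$row = $db->query('SELECT url, title FROM bookmark WHERE id = 2')->fetch(PDO::FETCH_ASSOC);
var_dump($row['url'] === $hostile, $row['title'] === "O'Reilly");
```

The stacked DELETE goes through in the unsafe path because pdo_sqlite's exec() hands the whole string to sqlite3_exec, which runs every statement in it; the point carries over to MySQL regardless of whether a given driver accepts multiple statements, since a value that can close a quote can already rewrite the one statement it lives in. The bound version never gives the value a chance to be parsed as SQL, which is what makes quoting a non-question unless the driver is emulating prepares.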