views: 78
answers: 1
I wonder what this query means:

$blogPost = Doctrine_Query::create()->from('BlogPost p')->where('p.slug = ?', 'doctrine-released')->execute();

Could someone explain the ? for me?

Thanks.

+5  A: 

I am guessing, but I would bet money that the ? is just a way of saying 'there is a variable here and I will later populate it', just like normal binding in other SQL varieties. In your example, that would imply that the ? is expanded to 'doctrine-released' at execute time. In other words, the query becomes where p.slug = 'doctrine-released'.

MJB
This is correct.
Coronatus
But why not just write p.slug = 'doctrine-released'? What is the benefit of this?
never_had_a_name
Because you can use the advantages of prepared statements. Check this: http://php.net/manual/en/pdo.prepared-statements.php
DuoSRX
In this exact example, it seems like it might not be worthwhile to use a prepared statement. But when your database has thousands of users, and they all use the exact same prepared statement but execute it with different bind variables, you will save yourself a ton of parse-time and memory.
MJB
The parameter that you bind to the prepared statement is also escaped, thus making your code more secure.
Goran Jurić
Doctrine caches its DQL queries, and although it's not so noticeable on small-scale implementations, it's still worthwhile using prepared statements (since it's so easy): by doing this it can tell when a query is the same as another with just an attribute value changed, and therefore re-use / optimise it.
Steve
As Goran points out, the variable will be escaped. If it's an integer, you can write it as p.slug = 1 and the query will work fine.
Tom
Just to be clear -- I was not saying don't use prepared statements. I was saying it might 'seem' unnecessary, but you should do it. So I agree with all y'all.
MJB
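As an added example (not code from the question, the answer or the Doctrine project): the binding the answer describes, shown with plain PDO, which Doctrine_Query uses underneath. It runs against a constructed in-memory SQLite table; the `blog_post` table, its rows and the `findBySlug` helper are assumptions made for the demonstration.

```php
<?php
// Added example, not from the original post. The "?" is a placeholder: the
// SQL text is sent to the database once, and the value is sent separately
// at execute time, so it is always treated as data and never as SQL syntax.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data for the demonstration.
$pdo->exec('CREATE TABLE blog_post (id INTEGER PRIMARY KEY, slug TEXT, title TEXT)');
$pdo->exec("INSERT INTO blog_post (slug, title) VALUES ('doctrine-released', 'Doctrine released')");
$pdo->exec("INSERT INTO blog_post (slug, title) VALUES ('o''reilly-review', 'Book review')");

// Prepared once; re-executed below with different bound values. This is what
// the comments mean by re-using the same statement with different parameters.
// Doctrine 1 equivalent of the question's query:
//   Doctrine_Query::create()->from('BlogPost p')->where('p.slug = ?', $slug)->execute();
// and with several placeholders, values are passed as an array in order:
//   ->where('p.slug = ? AND p.id > ?', array($slug, 0))
$stmt = $pdo->prepare('SELECT id, title FROM blog_post WHERE slug = ?');

function findBySlug(PDOStatement $stmt, string $slug): ?array
{
    $stmt->execute([$slug]);            // the value takes the place of the ?
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The value from the question.
var_dump(findBySlug($stmt, 'doctrine-released'));   // id 1, "Doctrine released"

// A value containing a quote needs no manual escaping: it is bound as data.
var_dump(findBySlug($stmt, "o'reilly-review"));     // id 2, "Book review"

// Text that looks like SQL is still compared literally as a slug, so it
// matches nothing instead of altering the query.
var_dump(findBySlug($stmt, "x' OR '1'='1"));        // NULL
```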