RE: [PHP] Re: mysqli sql question
Peet,

Here is the PHP PDO link:
http://php.net/manual/en/book.pdo.php

If you look at example #2 on this page:
http://www.php.net/manual/en/pdostatement.execute.php

That is pretty much how it's set up (although the example I gave is update, this is select).

And please correct me: I said the provided code example included named placeholders; apparently the correct terminology is named parameters.

I found this to be a great article as well:
http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/

If you need some more example code as well, just let me know. I've been up to my ears in PDO the last several weeks.

Jen

-Original Message-
From: Richard Riley [mailto:rile...@googlemail.com]
Sent: Wednesday, August 31, 2011 9:18 AM
To: php-general@lists.php.net
Subject: [PHP] Re: mysqli sql question

"Jen Rasmussen" writes:

> Peet,
>
> Could you do something like this instead? This is using named placeholders
> and a separate line for your statement
> but I was able to get it to echo the statement in this manner.
>
> $sql = "UPDATE table SET field1=:field1, field2=:field2 WHERE id=:id";
> $sth = $dbh->prepare($sql);
> $sth->execute(array(":field1"=>$field1,
>                     ":field2"=>$field2,
>                     ":id"=>$id));

Hi Jen, could you point me to a document/man page for PHP which explains
that : notation in $sql= line please. I'm sure it's common to everyone
here but, well, I never saw it before ;(

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Re: mysqli sql question
> Original Message
>From: Louis Huppenbauer
>To: php-general@lists.php.net
>Sent: Wed, Aug 31, 2011, 10:24 AM
>Subject: Re: [PHP] Re: mysqli sql question
>
>Hi there Richard
>
>It's part of the prepared statements
>http://php.net/manual/de/pdo.prepared-statements.php
>;)
>
>2011/8/31 Richard Riley
>
>> "Jen Rasmussen" writes:
>>
>> > Peet,
>> >
>> > Could you do something like this instead? This is using named placeholders
>> > and a separate line for your statement
>> > but I was able to get it to echo the statement in this manner.
>> >
>> > $sql = "UPDATE table SET field1=:field1, field2=:field2 WHERE id=:id";
>> > $sth = $dbh->prepare($sql);
>> > $sth->execute(array(":field1"=>$field1,
>> >                     ":field2"=>$field2,
>> >                     ":id"=>$id));
>>
>> Hi Jen, could you point me to a document/man page for PHP which explains
>> that : notation in $sql= line please. I'm sure it's common to everyone
>> here but, well, I never saw it before ;(
>>

These are called SQL Parameters. It's recommended to use them since they help eliminate SQL Injections.
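Added example, not written by any poster in this thread: the named-parameter pattern from Jen's quoted snippet, run against an in-memory SQLite database beside the string-concatenated query it replaces. The table `items`, its columns, the two helper functions and all sample values are constructed for illustration, and the script assumes the `pdo_sqlite` extension is loaded.

```php
<?php
// Added example: constructed table and values, in-memory SQLite (needs pdo_sqlite).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, field1 TEXT, field2 TEXT)');
$dbh->exec("INSERT INTO items (id, field1, field2) VALUES (1,'a','b'), (2,'c','d'), (3,'e','f')");

// Constructed request input: the id is not a plain number.
$field1 = "O'Brien";   // contains a quote that would break a hand-built string
$field2 = 'new';
$id     = '1 OR 1=1';

// Weak form (hypothetical helper): the id is pasted into the SQL text,
// so the database parses it as part of the WHERE clause.
function updateConcatenated(PDO $dbh, $id) {
    return $dbh->exec("UPDATE items SET field2='new' WHERE id=" . $id);
}

// Hardened form (hypothetical helper): named parameters, as in the quoted snippet.
function updateBound(PDO $dbh, $field1, $field2, $id) {
    $sql = 'UPDATE items SET field1=:field1, field2=:field2 WHERE id=:id';
    $sth = $dbh->prepare($sql);
    // Array keys must match the placeholder names exactly (no space after the colon).
    $sth->execute(array(':field1' => $field1, ':field2' => $field2, ':id' => $id));
    return $sth->rowCount();
}

$dbh->beginTransaction();
echo 'concatenated, rows changed: ', updateConcatenated($dbh, $id), "\n";
$dbh->rollBack(); // undo, so the bound version starts from the same data

// Here the whole string is compared to the id column as a single value.
echo 'bound, same id string, rows changed: ', updateBound($dbh, $field1, $field2, $id), "\n";
echo 'bound, id 2, rows changed: ', updateBound($dbh, $field1, $field2, '2'), "\n";

// The quote in $field1 was stored as data, not read as SQL syntax.
echo $dbh->query('SELECT field1 FROM items WHERE id=2')->fetchColumn(), "\n";
```

Named parameters stand in for values only; table and column names cannot be bound, so any that vary at run time need an allow-list.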
Re: [PHP] Re: mysqli sql question
Hi there Richard

It's part of the prepared statements
http://php.net/manual/de/pdo.prepared-statements.php
;)

2011/8/31 Richard Riley

> "Jen Rasmussen" writes:
>
> > Peet,
> >
> > Could you do something like this instead? This is using named placeholders
> > and a separate line for your statement
> > but I was able to get it to echo the statement in this manner.
> >
> > $sql = "UPDATE table SET field1=:field1, field2=:field2 WHERE id=:id";
> > $sth = $dbh->prepare($sql);
> > $sth->execute(array(":field1"=>$field1,
> >                     ":field2"=>$field2,
> >                     ":id"=>$id));
>
> Hi Jen, could you point me to a document/man page for PHP which explains
> that : notation in $sql= line please. I'm sure it's common to everyone
> here but, well, I never saw it before ;(
>