  1. #1
    SitePoint Enthusiast

    Why do prepared statements have to be stored?

    I'm assuming you have to because all the examples in the book are stored.

    say for example

    $sql = 'INSERT INTO joke SET
    joketext = :joketext,
    jokedate = "today's date"';
    $s =$pdo->prepare($sql);
    $s-bindValue(':joketext', $_POST['joketext']);
    $s->execute();

    Why can't you just do this instead

    $pdo->prepare($sql);
    bindValue(':joketext', $_POST['joketext']);
    $pdo->execute();

  2. #2
    Always A Novice bronze trophy
    K. Wolfe's Avatar
    Would you mind rephrasing and fixing your code? I'm having a bit of trouble following, especially since you have syntax errors, I'm not sure if they are intentional or not part of what you are asking.

  3. #3
    SitePoint Enthusiast
    Quote: Originally Posted by John Crutchfield
    I'm assuming you have to because all the examples in the book are stored.

    say for example

    $sql = 'INSERT INTO joke SET
    joketext = :joketext,
    jokedate = "today's date"';
    $s =$pdo->prepare($sql);
    $s->bindValue(':joketext', $_POST['joketext']);
    $s->execute();

    Why can't you just do this instead

    $pdo->prepare($sql);
    bindValue(':joketext', $_POST['joketext']);
    $pdo->execute();
    Added arrow to first bindValue.

  4. #4
    Always A Novice bronze trophy
    K. Wolfe's Avatar
    So bindValue in your second example is not correct syntax, nor is joketext or jokedate; they need $ in front. bindValue() needs to be run on an object.

    joketext in your first example is never used, therefore not needed; same thing with jokedate.

  5. #5
    SitePoint Enthusiast
    Quote: Originally Posted by K. Wolfe
    So bindValue in your second example is not correct syntax, nor is joketext or jokedate; they need $ in front. bindValue() needs to be run on an object.

    joketext in your first example is never used, therefore not needed; same thing with jokedate.
    No $ are needed in front. They're not variables, they're part of a MySQL database.
    Except for any typos, I pretty much copied it out of the book.

  6. #6
    Always A Novice bronze trophy
    K. Wolfe's Avatar
    Ok sorry, I had trouble reading it because you didn't use PHP highlighting. In any case:

    Code PHP:
    $pdo->prepare($sql);
    bindValue(':joketext', $_POST['joketext']);

    is invalid syntax. bindValue() is not a global function, it is part of the PDOStatement class.

    Have a look at the return value here: http://www.php.net/manual/en/pdo.prepare.php

    It returns an object (a class). That means you have to save the result so that you can use it. The reason you can't do $pdo->prepare and then immediately $pdo->bindValue is because bindValue() does not exist in PDO, it exists in PDOStatement. It's just part of good object oriented design practices.

  7. #7
    Keeper of the SFL StarLion's Avatar
    To give a metaphor:

    $pdo is the tunnel that connects your database and your webserver.
    $s is the car (query/statement) that you put suitcases (data) into, and then drive it through the tunnel.

    It doesn't make any sense to say "add suitcase to tunnel".
    The tunnel doesn't know which car you're putting the suitcase into. (It also doesn't care.)
    There can be multiple cars waiting to go through the tunnel. (Typical tunnel builders; only build a one-lane tunnel.)
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  8. #8
    SitePoint Enthusiast
    Thanks to K. Wolfe and StarLion. I kind of get it.

    I probably need to read more on Object Oriented Programming to understand.

  9. #9
    SitePoint Guru
    I have often wondered why so many examples use the bind method. I almost always just pass in the parameters as an array. You can do this without storing anything:

    PHP Code:
    $pdo->prepare($sql)->execute(array('joketext' => $_POST['joketext']));
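
Added example, not part of the thread and not any poster's code: both forms discussed above (storing the PDOStatement and binding on it, and chaining execute() with an array), run against an in-memory SQLite database. It assumes the pdo_sqlite extension; the table layout, the `VALUES` form of the INSERT (SQLite does not accept MySQL's `INSERT ... SET`) and the input string standing in for `$_POST['joketext']` are constructed for illustration.

```php
<?php
// Added example; assumes pdo_sqlite is available. Table and input are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE joke (id INTEGER PRIMARY KEY, joketext TEXT, jokedate TEXT)');

// Constructed stand-in for $_POST['joketext']; it contains quote characters
// and SQL punctuation that would break a query built by string concatenation.
$joketext = "What's a DBA's favourite joke'); -- the one with no punchline";

$sql = 'INSERT INTO joke (joketext, jokedate) VALUES (:joketext, :jokedate)';

// Form 1: prepare() returns a PDOStatement. bindValue() is a method of that
// object, not of the PDO connection, so the return value has to be kept.
$s = $pdo->prepare($sql);
var_dump($s instanceof PDOStatement);        // what prepare() handed back
var_dump(method_exists($pdo, 'bindValue'));  // whether the connection has bindValue()
$s->bindValue(':joketext', $joketext);
$s->bindValue(':jokedate', date('Y-m-d'));
$s->execute();

// Form 2: nothing is stored in a variable, but the PDOStatement still exists;
// execute() is called directly on the object prepare() returned.
$pdo->prepare($sql)->execute([
    'joketext' => $joketext,
    'jokedate' => date('Y-m-d'),
]);

// A stored statement can be re-executed with new values without preparing again.
$s->bindValue(':joketext', 'A second joke, same prepared statement');
$s->execute();

// The bound input is stored byte for byte as data; it never became part of
// the SQL text, so its quotes and comment marker had no effect on the query.
$rows = $pdo->query('SELECT joketext FROM joke ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
var_dump(count($rows));
var_dump($rows[0] === $joketext && $rows[1] === $joketext);
```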

