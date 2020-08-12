jmyrtle: jmyrtle: Now that I’m thinking this through though, it sounds more like a PHP question rather than a database question.

It is. So i’m going to use my mystical powers to change the category of the post. (Hint: You can always do that yourself up at the top of the thread.)

You’re using PDO. Which is good. So let’s talk about Prepared Statements.

This scenario is what Prepared Statements exist for. You know what you want to ask the database for, but you have a question mark - in this case, the name of the sales person.

So, we introduce the idea of a parameter.

SELECT * FROM invoices WHERE Salesperson = 'JS';

“I want all of the invoices for the salesperson JS.”

Let’s generalize the query.

“I want all of the invoices for a given salesperson.”

We don’t need to know ahead of time whiat salesperson we’re talking about; we just want to be able to, for any individual salesperson, pull their invoices.

In Prepared Statement terms, the salesperson string is now a parameter of the query. Named Parameters start with : ,followed by the name we’re going to reference it by.

SELECT * FROM invoices WHERE Salesperson = :saleperson

So now, if :salesperson is JS, we get JS’s invoices; if it’s AD, we get AD’s invoices, etc.

PDO queries that are going to use parameters follow the prepare-bind-execute flow of query designation. Let’s take a look at how that might occur with this query.

<?php $salesperson = "JS"; //I assume the existance of $db, a PDO Database Connection. $stmt = $db->prepare("SELECT * FROM invoices WHERE Salesperson = :saleperson"); $stmt->bindParam('salesperson',$salesperson); $stmt->execute(); //$stmt is now holding the result of our query, which can be ->fetch or ->fetchAll'd.

Now, I know what you’re about to say - we still statically defined our variable, $salesperson.

But we can pull that value from any number of places, and where we do so depends on our use case. For example, we might pull a list of names from the database by querying for the list of options (either from an individual table, or by querying the existing one for something like SELECT DISTINCT salesperson FROM invoices ; we may then present a list of names in a table, with links to our reporting page passing the salesperson’s name on the url: http://example.com/invoicereport.php?salesperson=JS , in which case $salesperson = $_GET['salesperson'] will make our code work.

At this point though, we’re getting into very specific use cases rather than the general theory; this is an example to help you get your mind wrapped around the concept.