Hello. I just have a query if I am going about JOINS in PDO correctly.
For my insert queries I follow the format
[code] $sql = “INSERT INTO sportsch_sport
.satellitemulti
(channelid_multi
, satname
, frequency
, polarisation
, symbrate
, fec
, encorfta
, channelid_m
)VALUES (
:channelid,
:satname,
:frequency,
:polarisation,
:symbrate,
:fec,
:encorfta,
:channelid_m)”;
$stmt = $DB->prepare($sql);
// bind the values
$stmt->bindValue(":channelid", $channelid);
$stmt->bindValue(":satname", $satname);
$stmt->bindValue(":frequency", $frequency);
$stmt->bindValue(":polarisation", $polarisation);
$stmt->bindValue(":symbrate", $symbrate);
$stmt->bindValue(":fec", $fec);
$stmt->bindValue(":encorfta", $encorfta);
$stmt->bindValue(":channelid_m", $channelid_m);
// execute Query
$stmt->execute();
[/code]
But i have a query with a LEFT Join, as below
[code] $keyword = trim($_GET[“keyword”]);
if ($keyword <> “” ) {
$sql = "SELECT f.hometeam, f.versus, f.awayteam, f.sport, f.competition, f.date, f.time,
Group_concat(s.name SEPARATOR ‘,’) name,
Group_concat(x.channelid_fc SEPARATOR ‘,’) channelid_fc
FROM footballfixtures f
LEFT JOIN fixturechannels x
ON x.matchid_fc=f.matchid
LEFT JOIN satellite s
ON x.channelid_fc=s.channelid
WHERE 1 AND " . " (hometeam LIKE :keyword)
OR awayteam LIKE :keyword
OR competition LIKE :keyword
GROUP BY f.hometeam, f.versus, f.awayteam, f.sport, f.competition, f.date, f.time
ORDER BY f.date, f.time ";
$stmt = $DB->prepare($sql);
$stmt->bindValue(":keyword", $keyword."%");
[/code]
What I am not sure about is do I need to use placeholders for all of the values such as f.home team, f.away team and so on? Or is the way I have approached this left join appropriate?
The join does work successfully, but I just wasn’t sure if this approach would help prevent SQL injection?
Many Thanks to anyone who reads this and/or provides their insight