Sending SQL Via PDO


 $stmt = $db->prepare($sql);
 $stmt->execute();


To send SQL via PDO, a statement must be executed using the query() method. As always, you need a way to escape special characters. This can, once again, be done using prepared statements. First, an SQL query is parsed using a method called prepare(); placeholders in the query start with a colon. Then, the bindParam() method binds a value to a placeholder name. Finally, the execute() method sends the statement to the database.

Sending SQL Via PDO (pdo_execute.php; excerpt)
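 <?php
   try {
     $db = new PDO('sqlite:PDOquotes.db');
     // Report SQL errors as exceptions so the catch block below sees them
     $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
     require_once 'stripFormSlashes.inc.php';
     // Named placeholders keep the form input out of the SQL text
     $sql = 'INSERT INTO quotes (quote, author, year)
       VALUES (:quote, :author, :year)';
     $stmt = $db->prepare($sql);
     $stmt->bindParam(':quote', $_POST['quote']);
     $stmt->bindParam(':author', $_POST['author']);
     // bindParam() binds by reference, so it needs a variable,
     // not the return value of intval()
     $year = intval($_POST['year']);
     $stmt->bindParam(':year', $year, PDO::PARAM_INT);
     $stmt->execute();
     echo 'Quote saved.';
   } catch (PDOException $ex) {
     // Escape the message before it reaches the HTML output
     echo 'Connection failed: ' . htmlspecialchars($ex->getMessage());
   }
 ?>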
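
The following is an added example, not code from the book: it contrasts string concatenation with the prepare()/bindParam()/execute() sequence described above on input that contains apostrophes, and shows that bindParam() reads its variables at execute() time. It assumes the pdo_sqlite extension and the PHP CLI; the in-memory database and the sample rows are constructed.

```php
<?php
// Added example, not from the book. Table layout follows the listing above;
// the in-memory database and the sample rows are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quotes (quote TEXT, author TEXT, year INTEGER)');

// Constructed form input; the apostrophes are the special characters at issue.
$rows = [
    ["Don't skip the placeholders.", "J. O'Sample", '2005'],
    ['No apostrophes in this one.', 'A. Nother', '1999abc'],
];

// 1) Concatenation: the first apostrophe ends the SQL string literal early,
//    so the rest of the input is parsed as SQL and the statement is rejected.
try {
    [$q, $a, $y] = $rows[0];
    $db->exec("INSERT INTO quotes (quote, author, year) VALUES ('$q', '$a', $y)");
    echo "concatenated: inserted\n";
} catch (PDOException $ex) {
    echo 'concatenated: rejected - ', $ex->getMessage(), "\n";
}

// 2) Prepared statement: the SQL text is fixed at prepare() time and the input
//    travels separately. bindParam() binds variables by reference, so they are
//    read when execute() runs and one statement can serve every row.
$stmt = $db->prepare('INSERT INTO quotes (quote, author, year)
                      VALUES (:quote, :author, :year)');
$stmt->bindParam(':quote', $quote);
$stmt->bindParam(':author', $author);
$stmt->bindParam(':year', $year, PDO::PARAM_INT);
foreach ($rows as [$quote, $author, $rawYear]) {
    $year = intval($rawYear);   // '1999abc' becomes 1999
    $stmt->execute();
}

// Both rows are stored verbatim, apostrophes included.
foreach ($db->query('SELECT quote, author, year FROM quotes') as $r) {
    printf("%s | %s | %d\n", $r['quote'], $r['author'], $r['year']);
}
```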




PHP Phrasebook
ISBN: 0672328178
EAN: 2147483647
Year: 2005
Pages: 193
