A prepared statement is, essentially, the template of an SQL statement that has been pre-parsed and compiled and is ready to be executed by passing it the appropriate data. Because the statement text is fixed before any data arrives, the data can never be interpreted as part of the query.
Steps:
1. Create the prepared statement (replacing your data with a set of markers such as question marks, or named placeholders).
2. Load the data into the statement (bind the values to the markers).
3. Execute
// Example
$clean = array();
if (ctype_alpha($_POST['username']))
{
$clean['username'] = $_POST['username'];
}
else
{
// Stop here rather than run the query with an unset value
die('Invalid username');
}
// Set a named placeholder in the SQL statement for username
$sql = 'SELECT * FROM users WHERE username = :username';
// Assume the database handler $dbh (a PDO instance) exists; prepare the statement
$stmt = $dbh->prepare($sql);
// Bind a value for the parameter (bindParam binds by reference, so it is read at execute time)
$stmt->bindParam(':username', $clean['username']);
// Execute and fetch results
$stmt->execute();
$results = $stmt->fetchAll();
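The three steps carried through end to end, as an added example that is not part of the original post. It runs against an in-memory SQLite database so no server is needed (it assumes the pdo_sqlite extension is loaded), seeds a constructed users table, and shows that a value containing quotes or SQL keywords is compared literally against the column rather than altering the statement.

```php
<?php
// Added example, not code from the original post.
// Assumes PHP with the pdo_sqlite extension; the table and rows are constructed here.

$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Prefer native server-side prepares where the driver supports them
// (no effect for SQLite, but it matters for MySQL, which emulates by default).
$dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Constructed sample data
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, role TEXT NOT NULL)');
$seed = $dbh->prepare('INSERT INTO users (username, role) VALUES (:username, :role)');
foreach ([['alice', 'admin'], ["o'brien", 'user']] as [$u, $r]) {
    // Step 2 and 3 at once: execute() accepts the bound values as an array
    $seed->execute([':username' => $u, ':role' => $r]);
}

/**
 * Look up users by name with a prepared statement.
 * The username is never interpolated into the SQL text.
 */
function findUser(PDO $dbh, string $username): array
{
    // Step 1: prepare the template with a named marker
    $stmt = $dbh->prepare('SELECT id, username, role FROM users WHERE username = :username');
    // Step 2: bind the data to the marker; bindValue fixes the value now,
    // bindParam would bind a reference read at execute time
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    // Step 3: execute and fetch
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A normal lookup
print_r(findUser($dbh, 'alice'));

// A legitimate name containing a quote needs no escaping by the caller
print_r(findUser($dbh, "o'brien"));

// Input containing SQL metacharacters is sent as a parameter, so it is
// matched literally against the column and selects no rows
print_r(findUser($dbh, "alice' OR '1'='1"));
```

Note the difference from the original snippet: the whitelist check with ctype_alpha() is still good practice for business validation, but it is not what prevents injection here; the separation of statement text from bound data does that, which is why the quoted name works without any escaping.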
Monday, June 29, 2009
PDO (PHP Data Objects) && Prepared Statements
Labels:
PDO,
PHP,
Prepared Statements