Reference - Frequently Asked Questions About Pdo

Some questions about PDO, safety and correct syntax

PDO and mysqli are both safe methods which you can use.
The link you have attached, http://thisinterestsme.com/php-user-registration-form/ , is great! It shows you how to make an easy query:

$sql = "SELECT COUNT(username) AS num FROM users WHERE username = :username";
$stmt = $pdo->prepare($sql);

//Bind the provided username to our prepared statement.
$stmt->bindValue(':username', $username);

//Execute.
$stmt->execute();

//Fetch the row.
$row = $stmt->fetch(PDO::FETCH_ASSOC);

And the password hash is great if you have PHP version 5.5+.

In addition, you can also review the website http://www.phptherightway.com

You will find there very interesting documentation on how to program secure code.

Good luck and be awesome! :)

What is the correct PDO syntax?

Prepared statements are useful because they separate the query and the parameters. Concatenation is now something to forget.

$query = $db->prepare("SELECT companyname, axiscategory
FROM axispl WHERE companyname
LIKE :searchterm LIMIT 11");

// bind the named parameter; the leading colon matches the placeholder in the query
$query->bindValue(':searchterm', $searchterm.'%');
$query->execute();
// then to fetch the results (one row per call)
$row = $query->fetch(PDO::FETCH_ASSOC);

Here I used named parameters as they are more readable, but you can also use indexed parameters like this:

$query = $db->prepare("SELECT companyname, axiscategory 
FROM axispl WHERE companyname
LIKE ? LIMIT 11");

$query->bindValue(1,$searchterm.'%');
$query->execute();

PDO prepare with question marks doesn't work with numbers

PDO::execute escapes all params as STRING.

$pdo = new PDO('mysql:host=localhost;dbname=mydb', 'user', 'pass');

$max = 10;
$min = 0;
$q = (isset($_GET['q']) && is_string($_GET['q'])) ? $_GET['q'] : '';

$stmt = $pdo->prepare('SELECT * FROM fruits WHERE name LIKE ? LIMIT ?, ?');
$stmt->bindValue(1, "%{$q}%", PDO::PARAM_STR);
$stmt->bindValue(2, $min , PDO::PARAM_INT);
$stmt->bindValue(3, $max , PDO::PARAM_INT);
$stmt->execute();
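Putting the named-placeholder answer and the LIMIT answer together, here is an added example that is not from either answer: a prefix search with paging where the LIKE pattern is bound as a string, the LIMIT bounds are bound as integers with emulated prepares turned off, and the user's `%` and `_` are escaped so they cannot widen the pattern. It assumes a `fruits` table with a `name` column as above; `connect()`, `escape_like()` and `find_fruits()` are hypothetical names.

```php
<?php
// Added example (not from the answers above). Assumes a table `fruits`
// with a `name` column, as in the LIMIT answer; find_fruits() is hypothetical.

function connect(): PDO
{
    return new PDO('mysql:host=localhost;dbname=mydb;charset=utf8mb4', 'user', 'pass', [
        // Throw on errors instead of silently returning false.
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // Real server-side prepares: values travel separately from the SQL text,
        // so an integer bound with PARAM_INT is never quoted into LIMIT.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

// Escape LIKE metacharacters so a "%" or "_" typed by the user is matched
// literally instead of widening the pattern to "match everything".
function escape_like(string $term): string
{
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $term);
}

// Prefix search on fruits.name with paging; all three values are bound, none concatenated.
function find_fruits(PDO $pdo, string $q, int $offset, int $limit): array
{
    // Clamp paging values before binding them as integers.
    $offset = max(0, $offset);
    $limit  = max(1, min(100, $limit));

    $stmt = $pdo->prepare(
        "SELECT name FROM fruits
         WHERE name LIKE :pattern ESCAPE '\\\\'
         ORDER BY name
         LIMIT :offset, :limit"
    );
    $stmt->bindValue(':pattern', escape_like($q) . '%', PDO::PARAM_STR);
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage: accept the search term only if it is a plain string, as the answer does.
$q    = (isset($_GET['q']) && is_string($_GET['q'])) ? $_GET['q'] : '';
$page = (int) ($_GET['page'] ?? 0);
$rows = find_fruits(connect(), $q, $page * 10, 10);
```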

PDO fetch issue from two tables

You can use a JOIN:

SELECT
table1.OrderID,
table2.username
...
FROM
table1
INNER JOIN
table2
ON table1.orderUser = table2.username

PHP PDO Prepare & Execute Statement

The parameters you're passing in via the array are incorrect. You need to prefix them with : as well:

$array = array(
    ":pageTitle" => $_POST["pageTitle"], // <-- the leading ":" is required
    // ... the other parameters, each with the ":" prefix
);
