PurePHP MySQL Prepared Statements
Using the PurePHP MySQL API – Part 8
Foreword: In this part of the series, I talk about MySQL prepared statements. I will use the INSERT, UPDATE and SELECT statements for illustration.
By: Chrysanthus Date Published: 17 Jan 2018
Introduction
Inserting
Consider the normal INSERT statement,
INSERT INTO pet (name, owner, species, sex, birth, death) VALUES ('Nelly','Marie','wild','m','2009-03-30',NULL)
If you want to send the values 'Marie' and 'wild' later, then the prepared statement will be:
INSERT INTO pet (name, owner, species, sex, birth, death) VALUES ('Nelly',?,?,'m','2009-03-30',NULL)
where the two ?s are placeholders for the values, 'Marie' and 'wild'.
The PurePHP MySQL construct to do this is:
$prepareStr = "INSERT INTO pet (name, owner, species, sex, birth, death) VALUES ('Nelly',?,?,'m','2009-03-30',NULL)";
if (!prepare($prepareStr))
{
echo $Error_msg, "<br>";
}
$executeStr = "'Marie','wild'";
if (!execute($executeStr))
{
echo $Error_msg, "<br>";
}
else
{
echo "statement executed <br>";
}
stmt_close();
Note the use of the reserved words, prepare and execute.
Consider the statement:
UPDATE pet SET species = 'domestic' WHERE name = 'Nelly'
You may want to send the statement with a placeholder for 'domestic' and then send 'domestic' afterwards. The construct to do this is:
$updateStr = "UPDATE pet SET species = ? WHERE name = 'Nelly'";
if (!prepare($updateStr))
{
echo $Error_msg, "<br>";
}
$executeStr = "'domestic'";
if (!execute($executeStr))
{
echo $Error_msg, "<br>";
}
else
{
echo "statement executed <br>";
}
stmt_close();
Note the use of backticks and also the use of the prepare and execute function calls.
Consider the statement,
SELECT * FROM pet WHERE species = 'snake' OR species = 'bird'
The values 'snake' and 'bird' can be sent as placeholders in a prepared statement; then after, the actual values are sent in an execute statement. The following construct does this:
$selStr = "SELECT * FROM pet WHERE species = ? OR species = ?";
if (!prepare($selStr))
{
echo $Error_msg, "<br>";
}
$executeStr = "'snake', 'bird'";
if (!execute($executeStr))
{
echo $Error_msg, "<br>";
}
else
{
for ($i=0; $i<$No_of_Rows; ++$i)
{
echo $Result[$i]['name'], ', ';
echo $Result[$i]['owner'], ', ';
echo $Result[$i]['species'], ', ';
echo $Result[$i]['sex'], ', ';
echo $Result[$i]['birth'], ', ';
echo $Result[$i]['death'], ', ';
echo "<br>";
}
}
stmt_close();
A cell value for a placeholder may be long. The following construct uses an INSERT statement to illustrate how to send such values:
$prepareStr = "INSERT INTO pet (name, owner, species, sex, birth, death) VALUES ('Piggy',?,?,'m','2009-03-30',NULL)";
if (!prepare($prepareStr))
{
echo $Error_msg, "<br>";
}
send_long_value('Likes Pig', 0);
send_long_value("pig\'s long info", 1);
if (!execute())
{
echo $Error_msg, "<br>";
}
else
{
echo "statement executed <br>";
}
stmt_close();
Note the use of the function, send_long_value('long text', index) . Here, index counting begins from zero and it is for the placeholders.
Any prepared construct has to be closed. So all the above constructs, should end with:
stmt_close();
Resetting Long Value Action
Any statement prepared has to be executed. After sending long values and you change your mind, you have to reset the action. In this way, you will be assured that the long values are not saved into the database. The following code illustrates this:
$prepareStr = "INSERT INTO pet (name, owner, species, sex, birth, death) VALUES ('Fatty',?,?,'m','2009-03-30',NULL)";
if (!prepare($prepareStr))
{
echo $Error_msg, "<br>";
}
send_long_value('long one', 0);
send_long_value("long two", 1);
if (!stmt_reset())
{
echo $Error_msg, "<br>";
}
else
{
echo "action stopped <br>";
}
stmt_close();
That is it for this part of the series. We stop here and continue in the next part.
Chrys
Related Links
Pure PHP Mailsend - sendmailPurePHP MySQL API
Using the PurePHP MySQL API
More Related Links
Basics of PHP with Security Considerations
cousins
Using the EMySQL API
Using the PurePerl MySQL API
BACK NEXT