Differences

This shows you the differences between two versions of the page.

--- reference:param [2015/08/21 20:58] – created mnewnham
+++ v5:reference:connection:param [2020/01/25 00:33] – [Usage] dregad
@@ Line 2: / Line 2: @@
 ~~NOTOC~~
 <WRAP right box>
+==See Also==
+[[v5:reference:connection:addq|addQ()]]\\
 == Syntax ==
   string param(
-         string $name,
+         string $name
-         optional type='C'
          )
 </WRAP>
 ===== Description =====
 The function param returns a database-specific placeholder for a prepared query statement.
+This method is used with [[v5:userguide:learn_bind:bind_vars|bind variable SQL statement execution]], to produce injection resistant code.
+On RDBMS with positional (numbered) query parameters such as PostgreSQL, calling ''param(false)'' will reset the parameter counter, allowing to start building a new query.
+------------------------------
 ===== Usage =====
+This is an example of how to use param() to build SQL queries:
 <code php>
-/*
+$sql1 = 'SELECT * FROM accounts WHERE '
-* Connection to Oracle database
+    . 'name = '  . $db->param('account') . ' AND '
-*/
+    . 'total = ' . $db->param('amount');
-print $db->param('account');
-/*
+$db->param(false); // Reset param count
-* prints ':account'
+$sql2 = 'SELECT * FROM accounts WHERE id = ' . $db->param('id');
-*/
 </code>
-<code php>
-/*
+See below for the code's output with various database drivers.
-* Connection to IBM DB2 database
-*/
+==== MySQL, IBM DB2 ====
-print $db->param('account');
+<code>
-/*
+$sql1: SELECT * FROM accounts WHERE name = ? AND total = ?
-* prints ?
+$sql2: SELECT * FROM accounts WHERE id = ?
-*/
+</code>
+==== Oracle (oci8) ====
+<code>
+$sql1: SELECT * FROM accounts WHERE name = :account AND total = :amount
+$sql2: SELECT * FROM accounts WHERE id = :id"
+</code>
+==== PostgreSQL ====
+<code>
+$sql1: SELECT * FROM accounts WHERE name = $1 AND total = $2
+$sql2: SELECT * FROM accounts WHERE id = $1
 </code>