ADOdb

Database Abstraction Layer for PHP

param

See Also

addQ()

Syntax
string param(
       string $name
       )

Description

The function param returns a database-specific placeholder for a prepared query statement.

This method is used when executing SQL statements with bind variables, to produce injection-resistant code.

On RDBMS with positional (numbered) query parameters such as PostgreSQL, calling param(false) resets the parameter counter so that a new query can be built.


Usage

This is an example of how to use param() to build SQL queries:

$sql1 = 'SELECT * FROM accounts WHERE ' 
    . 'name = '  . $db->param('account') . ' AND '
    . 'total = ' . $db->param('amount');
 
$db->param(false); // Reset param count
$sql2 = 'SELECT * FROM accounts WHERE id = ' . $db->param('id');

See below for the code's output with various database drivers.

MySQL, IBM DB2

$sql1: SELECT * FROM accounts WHERE name = ? AND total = ?
$sql2: SELECT * FROM accounts WHERE id = ?

Oracle (oci8)

$sql1: SELECT * FROM accounts WHERE name = :account AND total = :amount
$sql2: SELECT * FROM accounts WHERE id = :id

PostgreSQL

$sql1: SELECT * FROM accounts WHERE name = $1 AND total = $2
$sql2: SELECT * FROM accounts WHERE id = $1
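
The following is an added example, not code from the ADOdb documentation or project. It puts a concatenated query beside one built with param() and executed with the value passed separately as a bind variable. The include path, the in-memory sqlite3 database, the sample rows and the helper findByName() are assumptions made for the illustration.

```php
<?php
// Added example, not ADOdb project code. Assumptions: ADOdb is installed at
// the include path below and the sqlite3 driver is available.
require_once 'adodb/adodb.inc.php';           // assumed install path

$db = newAdoConnection('sqlite3');
$db->connect(':memory:');                     // throwaway in-memory database
$db->execute('CREATE TABLE accounts (id INTEGER PRIMARY KEY, name TEXT, total INTEGER)');
$db->execute("INSERT INTO accounts (name, total) VALUES ('alice', 100)");
$db->execute("INSERT INTO accounts (name, total) VALUES ('bob', 250)");

// Constructed input: an account name that contains SQL syntax.
$name = "nobody' OR '1'='1";

// Weak form: the value is concatenated into the statement text, so the
// quote inside $name ends the string literal and rewrites the WHERE clause.
$unsafe = "SELECT id, name FROM accounts WHERE name = '" . $name . "'";

// Bound form (hypothetical helper): only the placeholder returned by
// param() goes into the statement text; the value travels in the bind array.
function findByName($db, $name)
{
    $db->param(false);                        // reset the placeholder counter
    $sql = 'SELECT id, name FROM accounts WHERE name = ' . $db->param('account');
    return $db->getAll($sql, [$name]);        // values in placeholder order
}

// Compare how many rows each form returns for the same input.
echo 'concatenated: ', count($db->getAll($unsafe)), " row(s)\n";
echo 'bound:        ', count(findByName($db, $name)), " row(s)\n";
echo 'bound, alice: ', count(findByName($db, 'alice')), " row(s)\n";
```
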
v5/reference/connection/param.txt · Last modified: 2020/01/25 00:33 by dregad