param
Description
The function param returns a database-specific placeholder for a prepared query statement.
This method is used with bind variable SQL statement execution, to produce injection resistant code.
On an RDBMS with positional (numbered) query parameters, such as PostgreSQL, calling param(false)
resets the parameter counter so that a new query can be built from the first placeholder.
Usage
This is an example of how to use param() to build SQL queries:
$sql1 = 'SELECT * FROM accounts WHERE name = ' . $db->param('account') . ' AND total = ' . $db->param('amount');
$db->param(false);
$sql2 = 'SELECT * FROM accounts WHERE id = ' . $db->param('id');
See below for the code's output with various database drivers.
MySQL, IBM DB2
$sql1: SELECT * FROM accounts WHERE name = ? AND total = ?
$sql2: SELECT * FROM accounts WHERE id = ?
Oracle (oci8)
$sql1: SELECT * FROM accounts WHERE name = :account AND total = :amount
$sql2: SELECT * FROM accounts WHERE id = :id
PostgreSQL
$sql1: SELECT * FROM accounts WHERE name = $1 AND total = $2
$sql2: SELECT * FROM accounts WHERE id = $1
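The following is an added example, not code from the ADOdb documentation. It builds a query with param(), passes the user-supplied values to Execute() as bind variables in the shape the driver expects (associative for named markers, positional otherwise), and resets the counter with param(false) so the next query on PostgreSQL starts again at $1. It assumes an open ADOdb connection in $db, the include path adodb.inc.php, and a table accounts with columns name and total.

```php
<?php
// Added example (not from the ADOdb docs). Assumes $db is an open ADOdb
// connection created elsewhere, and that adodb.inc.php is on the include path.
require_once 'adodb.inc.php';

// Looks up an account by name and total. The untrusted values never enter
// the SQL text: only placeholders from param() do, and the values travel
// separately to Execute() as bind variables.
function findAccount($db, $name, $total)
{
    $pName  = $db->param('account');
    $pTotal = $db->param('amount');
    $sql = 'SELECT * FROM accounts WHERE name = ' . $pName
         . ' AND total = ' . $pTotal;

    // Named markers (oci8 returns ":account") take an associative array;
    // positional markers ("?" on MySQL/DB2, "$1" on PostgreSQL) take a list
    // in the order the param() calls were made.
    if ($pName[0] === ':') {
        $bind = array('account' => $name, 'amount' => $total);
    } else {
        $bind = array($name, $total);
    }
    $rs = $db->Execute($sql, $bind);

    // Reset the positional counter so the next query built with param()
    // starts at $1 again on PostgreSQL; a no-op for "?" and named markers.
    $db->param(false);
    return $rs;
}

// A value containing a quote is sent as data, not spliced into the SQL,
// so no manual escaping is needed.
$rs = findAccount($db, "O'Brien", 100);
if ($rs === false) {
    echo 'Query failed: ' . $db->ErrorMsg() . PHP_EOL;
} else {
    echo $rs->RecordCount() . ' row(s) matched' . PHP_EOL;
}
```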
v5/reference/connection/param.1579908673.txt.gz · Last modified: 2020/01/25 00:31 by dregad