Asked  2 Years ago    Answers:  5   Viewed   117 times

I've seen many articles using colons (:) in front of named parameters when using PDO, and a couple that do not use the colon. I'd just as soon not use the colon, simply because it's one less keystroke and slightly easier to read.

It seems to be working fine for me, but I'm curious if there is something important that I'm missing when it comes to the use of colons?

For example, this works just fine:

function insertRecord ($conn, $column1, $comumn2) {
    try {
        $insertRecord = $conn->prepare('INSERT INTO Table1 (column1, column2)
        VALUES(:column1, :column2)');
        $insertRecord->execute(array(
                'column1' => $column1,
                'column2' => $column2
            ));
    }
    catch(PDOException $e) {
        echo $e->getMessage();
    }
}

As opposed to most developers using this, which also works:

function insertRecord ($conn, $column1, $comumn2) {
    try {
        $insertRecord = $conn->prepare('INSERT INTO Table1 (column1, column2)
        VALUES(:column1, :column2)');
        $insertRecord->execute(array(
                ':column1' => $column1,
                ':column2' => $column2
            ));
    }
    catch(PDOException $e) {
        echo $e->getMessage();
    }
}

Notice the colons in the execute statement parameters.

I'd like to understand what the colons are for.

 Answers

5

Colons are required in the SQL statement, to indicate which identifiers are placeholders.

Colons in the execute() or bindParam() calls are optional. The documentation specifies them, but the implementation is clever enough to figure out what you mean if you leave them out (what else could you mean?).

Sunday, November 27, 2022
5

I can find nothing clear in the manual, but looking at the User Contributed Notes, the use of parameters is intended for actual values only, not table names, field names etc.

Normal string concatenation should (and can) be used.

$tablename = "tablename";
$stmt = $dbh->prepare("CREATE TABLE `$tablename` (id foo, int bar,...)");
Sunday, October 2, 2022
 
3

Historically, databases have used 1-based indexing for bound parameters. This probably reflects the origins of relational databases in set theory and mathematics, which index elements starting with one, and use zero to represent a null or empty set.

In shell scripts and regular expressions, the zero index usually means something "special". For example, in the case of shell scripts, the zeroth "argument" is actually the command that was invoked.

The choice for JDBC was deliberate but, ultimately, probably causes more confusion and difficulty than it solves.

Friday, September 23, 2022
5

I don't know much about PDO, but my feeling is there is something wrong with the way you bind the parameters. However, the easiest way to tell for sure is to see the actual query.

According to the docs, you should be able to see the generated query as it went to SQL in $stmt->queryString. It's not possible to see right now because you are binding the parameters to the statement after you are outputting $stmt.

Do a print_r() after you bind the parameters (or maybe even after execution of the query, I don't know). You should get the real query string, and get to the bottom of the problem.

Monday, November 7, 2022
 
kalit
 
1

Beside what Jonathan Sampson said you should not use names that are used for form objects properties. There is a list on Mozilla Developer Center, which if you'll look carefully contains an elements property important for you because form elements may be accessed as direct attributes of the form object. For example in your case:

form.elements; // collides with the built-in elements property
form.e2;

So be careful not to use names like method, or action which will also collide with the value of the method and action attributes of the form element. I hope you got the idea.

Tuesday, December 20, 2022
 
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :
 

Browse Other Code Languages