Welcome Guest, Not a member yet? Register   Sign In
Real life example of using Query Bindings needed

I'm so proud it only took me 10 mins. to login with all the robot checks, etc. Now on to my question. Is there a real life example of how to do this:

$sql = "SELECT * FROM some_table WHERE id IN ? AND status = ? AND author = ?";
$this->db->query($sql, array(array(3, 6), 'live', 'Rick'));

In a real program you will not be hard-coding what is fed into a query, but this is the example on the website. How would I replace those hard-coded values with variables? Where do I store the quotes, inside the variable or outside or some other way?

Here is what my sql statement looks like:
"SELECT * FROM ? WHERE casenum = '?' AND defname LIKE '?%' AND defname LIKE '%,_?%' ORDER BY evDate desc";

The error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''?' WHERE casenum = '?' AND defname LIKE '?%' AND defname LIKE '%,_?%' ORDER BY ' at line 1

The binding will take care of adding quotes as needed. However, I have run into problems with using it for a list of elements for a WHERE IN statement. For your first example, I believe something like this would work out:

$ids = [3, 6];
$sql = "SELECT * FROM some_table WHERE id IN ('". implode(',', $ids) ."') AND status = ? AND author = ?";
$this->db->query($sql, ['live', 'Rick']);

From the error on your second query, it sounds like you have quotes around the first ?, also, which isn't needed and would likely cause errors.

Theme © iAndrew 2016 - Forum software by © MyBB