That works but how do I loop through all of the rows, so I can display them all w/o having to enter [1] and [2] etc, do I need to use a for loop inside the while? Basically it should mimic this, right?
Okay, so as to #3, how do I use prepared statements in a more general dbClass where I don’t know the table or LIMIT I am going to use ahead of time? How does that make this code re-usable if I can’t pass these values into it?
I know man, I just wasn’t sure if there was a special function like mysql_fetch_array that lets you loop it with a while loop. Since this is in a Class I actually return all of the rows in an array and loop them in the object.
The setter methods do simply set the properties of the class. Some people would do this in one array. Some do not like setters and choose to pass in variables; however to be clearer and to only set in the Crud classes the properties I need then I use the setters.
The transaction, commit, and rollback do what you have read in the manual and so if anything during the insert or update goes wrong then it will rollback.
The makeup of my CRUD class consists of interfaces like so:
interface IGet {
    function getByNameOrId();
    function getLike();
}
interface IUniqueOrLast {
    function getUnique();
    function getLastInsertedId();
}
interface ISave {
    function save($container); // update or insert
    function saveNew();        // insert only
}
Then I have a base abstract class that has the methods that I want to share throughout the different classes. So for my save class I do:
class InsertUpdate extends Base implements ISave {
One of my methods in this InsertUpdate class is update()
As earlier mentioned once the sql is prepared and the parameters are bound it tries to execute. If it goes well then the update is committed and if not it rolls back. If an exception occurs it will bubble up and get caught by my error handling class.
First of all, it’s important that you know that “PDO” and “prepared statements” are two separate things. PDO is a class/interface for performing operations against a database, whereas prepared statements are a feature of MySQL which is supported by both the PDO and the mysqli PHP extensions.
There are two reasons why you may use prepared statements. The first is that by design, prepared statements prevent SQL injection. They do this simply by only allowing “values” to be passed when executing a prepared statement. Because of this, any data sent to a prepared statement will be treated as a value, hence any special MySQL characters or keywords are not interpreted as MySQL code, but are merely treated as textual data.
The second reason you may use prepared statements is for performance reasons. Depending on the type of application and how it’s been designed, prepared statements can either increase or decrease performance. Unlike a normal SQL query, prepared statements require two separate requests to the server. The first request sends the prepared statement (e.g. “SELECT title FROM table WHERE author = ?”), while all subsequent requests send a reference to that prepared statement along with the accompanying data. If your application rarely re-uses prepared statements, then it’s likely they will decrease performance. On the other hand, if your application executes a set of queries many times, but with different “values”, then prepared statements can increase performance.
I hope that’s slightly improved your understanding of PDO and prepared statements. Prepared statements are a new concept, so like any new concept, it’ll take a little while to properly grasp and understand; like when you go from procedural code to OOP, although it shouldn’t take near as long to fully grasp.
Yes, that helps me understand more for sure. The site I am building is a classifieds site, so it repeats the same query over and over every time someone clicks on an item for sale, exactly like craigslist. The only things that will change are category and post ID… so prepared statements should make that faster because it is calling the same query over and over simply by reference, and sending an array of ? dynamic values with it, to avoid resending the static SELECT code, correct?
Okay, I have prepared statements figured out in the basic sense.
In my normal SQL Queries for pagination I use a LIMIT with an offset and a # of rows I want per page, like so:
$limit = $offset . ', ' . $rowsperpage;
The query might end up like LIMIT 30, 15 on page 3.
When I use this with prepared statements though, I get zero results. If I set LIMIT to 15 it works fine but “0, 15” doesn’t work. Here’s the code I am using:
Remember, bind values, not expressions. You have to pass in the complete query you want to execute, not a partial query you’re going to append more syntax to.
I’ve verified this works, same example I gave on the last page but with an offset too, so you did something wrong with your code.
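An added example, not code posted by anyone in this thread: paginating with a prepared statement by binding the offset and the row count as two separate integer values, with the table name checked against an allowlist because identifiers cannot be bound. The `posts` table, the `fetchPage()` function and the sample rows are hypothetical; an in-memory SQLite database is assumed so the script runs offline, and the same `LIMIT offset, rows` form is what MySQL accepts.

```php
<?php
// Added example. Table, column and function names are hypothetical.

const ALLOWED_TABLES = ['posts', 'categories']; // identifiers cannot be bound, so allowlist them

function fetchPage(PDO $pdo, string $table, int $page, int $rowsPerPage): array
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("Unknown table: $table");
    }
    $offset = max(0, ($page - 1) * $rowsPerPage);

    // The complete statement is prepared; offset and row count are two values,
    // not one "30, 15" string appended to the query.
    $stmt = $pdo->prepare("SELECT id, title FROM $table ORDER BY id LIMIT :offset, :rows");
    // PARAM_INT matters: a value bound as a string can end up quoted ('0', '15'),
    // which MySQL rejects in a LIMIT clause.
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
    $stmt->bindValue(':rows', $rowsPerPage, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$insert = $pdo->prepare('INSERT INTO posts (title) VALUES (?)');
for ($i = 1; $i <= 40; $i++) {
    $insert->execute(["Post $i"]); // constructed sample rows
}

// Page 3 at 15 rows per page is LIMIT 30, 15; loop over every returned row.
foreach (fetchPage($pdo, 'posts', 3, 15) as $row) {
    echo $row['id'], ': ', $row['title'], PHP_EOL;
}

// A table name that is not on the allowlist never reaches the SQL string.
try {
    fetchPage($pdo, 'posts; DROP TABLE posts', 1, 15);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```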