Regardless of whatever theoretical difference, neither PDO::query() nor PDO::exec() should be used anyway. These functions don’t let you bind parameters to the prepared statement and should never be used. Use prepare()/execute() instead, especially for UPDATE,INSERT,DELETE statements. Please note that although prepared statements are widely advertised as a security measure, it is only to attract people’s … Read more
You should look at the documentation. But If you dont find anything, you can add another catch : <?php try { $stmt = $db->prepare(“INSERT INTO tbl_user (id, name, password, question, answer) VALUES (NULL, :name, :password, :question, :answer)”); $stmt->bindValue(“:name”, $_POST[‘name’]); $stmt->bindValue(“:password”, $_POST[‘password’]); $stmt->bindValue(“:question”, $_POST[‘question’]); $stmt->bindValue(“:answer”, $_POST[‘answer’]); $stmt->execute(); echo “Successfully added the new user ” . $_POST[‘name’]; … Read more
On Ubuntu you should be able to install the necessary PDO parts from apt using sudo apt-get install php5-mysql There is no limitation between using PDO and mysql_ simultaneously. You will however need to create two connections to your DB, one with mysql_ and one using PDO.
You need to use fetchAll() $result = $query -> fetchAll(); foreach( $result as $row ) { echo $row[‘first_name’]; echo $row[‘last_name’]; }
Well No, there is none! Technically there is PDO::quote() but it is rarely ever used and is not the equivalent of mysql_real_escape_string() That’s right! If you are already using PDO the proper way as documented using prepared statements, then it will protect you from MySQL injection. # Example: Below is an example of a safe … Read more
$sql=”UPDATE user_alerts SET notif = notif + 2 WHERE ( user_id = :userid )”; $prepStatement = $pdo->prepare( $sql ); $prepStatement->execute(array(‘:userid’ => $userid)); You can’t bind a column name to a prepared statement.
Don’t wrap the values with single quote. $STH = $DBH->prepare(“SELECT * FROM `table` WHERE `start_date` BETWEEN :start_date AND :end_date”);
To create the connection try { $db = new PDO(“mysql:dbname=”.DB_NAME.”;host=”.DB_HOST,DB_USER,DB_PWD); } catch (PDOException $e) { die(“Database Connection Failed: ” . $e->getMessage()); } Then to prepare a statement $prep = $db->prepare(“SELECT * FROM `users` WHERE userid = ‘:id'”); As you can see, you label each parameter you’d like by prefixing any string with ‘:’. Then all … Read more
Short Answer: Simply delete or comment out line below, and it will always work, no matter which database encoding is really in use (utf8, latin1, etc): $pdo->exec(‘SET CHARACTER SET utf8’); Long Answer: This is not PDO bug, this is MySQL bug. When actual database encoding is latin1, but you use: SET CHARACTER SET utf8 (or … Read more
Turns out the problem had to do with the SET parameters. I used the code below obtained from Here. To determine which options were set in SQL Server Management Studio (where the insert worked). Then placing each of those in an exec prior to my insert statement caused things to work again. I didn’t need … Read more