I believe this is mentioned in the original question that was reference in this one. However there is actually supposed to be a method for retrieving this data. PDOStatement::debugDumpParams However it isn’t currently working as documented. There is a bug report and patch submitted for it here http://bugs.php.net/bug.php?id=52384 in case anyone is interested in voting … Read more
Prepared statements improve performance by caching the execution plan for a query after the query optimizer has found the best plan. If the query you’re using doesn’t have a complicated plan (such as simple selects/inserts with no joins), then prepared statements won’t give you a big improvement since the optimizer will quickly find the best … Read more
but watch out for this…. Long nullLong = null; preparedStatement.setLong( nullLong ); -thows null pointer exception- because the protype is setLong( long ) NOT setLong( Long ) nice one to catch you out eh.
I’ll address your questions in turn. Will the executeBatch method tries to send all the data at once? This can vary with each JDBC driver, but the few I’ve studied will iterate over each batch entry and send the arguments together with the prepared statement handle each time to the database for execution. That is, … Read more
That’s a very good question and I have several answers for it. Raw PHP First of all, you can use several tricks to reduce the verbosity, like omitting the fields clause in the query (and adding default values in the values clause for the missing fields) and using positional placeholders: $sql=”INSERT INTO tasks VALUES(null, ?, … Read more
You cannot parameterize table names, column names, or anything in an IN clause (thanks to c0r0ner for pointing out the IN clause restriction). See this question, and subsequently this comment in the PHP manual.
No, prepared queries (when used properly) will ensure data cannot change your SQL query and provide safe querying. You are using them properly, but you could make just one little change. Because you are using the ‘?’ placeholder, it is easier to pass params through the execute method. $sql->execute([$consulta]); Just be careful if you’re outputting … Read more
Today’s rule of software engineering: if it isn’t going to do anything for you, don’t use it.
error is in this line rs = stmt.executeQuery(selectSQL); do this way rs = stmt.executeQuery();
It would seem that there is a bug at work here, best solution I’ve found is this: http://www.php.net/manual/en/pdo.prepared-statements.php#101993 From the comment at the link above: $dbh->query(“CALL SomeStoredProcedure($someInParameter1, $someInParameter2, @someOutParameter)”); $dbh->query(“SELECT @someOutParameter”); // OR, if you want very much to use PDO.Prepare(), // insert “SELECT @someOutParameter” in your stored procedure and then use: $stmt = $dbh->prepare(“CALL … Read more