
Binding parameters and executing a prepared statement

From: Accessing Databases with Object-Oriented PHP


So we can now bind values to the placeholders in the else block. We've already initialized the statement on line ten, and prepared it on the following line. We do that using the bind_param method of the statement object. So, statement, and the bind_param method.

The first argument of bind_param needs to be a string representing the data type of the value being bound to each placeholder. So, let's pause a moment to see how MySQLi expects the data types to be specified. The data type of each value is represented by a single character.

i for integers or whole numbers, d for numbers with a decimal fraction (technically the d stands for double), s for strings, and b for binary large objects, such as files or images. So we need to build a string to pass to bind_param using the appropriate characters. So let's get back to the code. The WHERE clause in the SQL has three placeholders, one each for the make, year made, and price columns. So the first argument to bind_param needs to be a string representing the data type that we want to pass to those columns.

Make needs to be a string, so that's s. Year made needs to be an integer, so that's i. Price contains a decimal point, so that's a double, d. Then the remaining arguments that are passed to bind_param are the values to be bound to each placeholder. It goes without saying that they need to be in the same order as the placeholders, and there must be exactly the same number of them.

We're using the LIKE operator for the make column. So the value that comes from the form needs to be wrapped in percentage signs as wildcard characters. But the values that you pass to bind_param must be variables.

You can't use actual values or expressions. So we'll need to create a variable for make. We'll just call it simply make. The next value will come directly from the form, so we get that from the $_GET array, $_GET['year_made']. And the last value also comes directly from the form, that's $_GET['price']. Now, we need to define make. It doesn't matter where you define it as long as it's done before you execute the prepared statement, so we can create that on the next line.

It begins with a wildcard character, %, then the value from the form, $_GET['make'], and another wildcard character. Now that we've bound the values to the placeholders, we can execute the statement using the execute method. Although this executes the statement, it doesn't actually retrieve the result set.

To do that, we need to use the get_result method. So we'll assign that to result, and this returns a mysqli_result object in exactly the same way as if we had submitted the query using the query method. If we scroll down we can see that in the original code, we make reference to the result object to get the number of rows in the result.

And also down here in the while loop, we use the fetch_assoc method to get each individual row and then display it. So, if we save that we can now test this in a browser. So, let's try some cars. Let's see, ch, search. Yes, we are getting Chevrolet and Chrysler.

So, the results are being filtered now on the basis of what has been submitted from the form. So, let's review how we used the prepared statement to embed the user input into an SQL query. We began by adding a WHERE clause to the SQL on line eight and using question marks as placeholders for the input values. It's important to note that the placeholders are not wrapped in quotes even if the value is a string. The prepared statement takes care of quotes automatically.

Then on line ten, we initialize the statement, and on the following line, we pass the SQL to its prepare method. This checks that the syntax is okay, and optimizes the query if necessary. If there's a syntax error, it's stored in the statement's error property. Then we bound values to the placeholders using the bind_param method. The first argument of bind_param is a string that represents the data types of the values that you're binding.

In this case, sid stands for string, integer, and double. The remaining arguments are the values to be assigned to the placeholders, and they must be variables. That's why we created this make variable for the value to be assigned to the make column. If we'd attempted to pass this expression directly to bind_param, it would have generated an error.

Then, with all the values assigned to placeholders, we could finally execute the statement and fetch the result using the get_result method. It's a lengthier process than calling the query method, but it does make the SQL easier to read than embedding variables, and it avoids complications with getting the right combination of single and double quotes. Another useful feature of a prepared statement is the ability to bind the results to output variables, and we'll look at that next.
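The whole sequence the video walks through (initialize, prepare, bind with a "sid" type string, execute, get_result, fetch_assoc), collected into one script as an added example. This is not the course's own exercise file: the table name `cars`, the column names `make`, `year_made` and `price`, the comparison operators used for the year and price placeholders, and the connection credentials are all assumptions, and the credentials are placeholders to replace. It assumes the mysqlnd driver, which `get_result()` requires.

```php
<?php
// Added example, not the course's exercise file. Assumed schema: a MySQL table
// `cars` with columns make (VARCHAR), year_made (INT) and price (DECIMAL).
// The form fields make, year_made and price are assumed to arrive via GET.
declare(strict_types=1);

// Turn MySQLi errors into exceptions so a failed prepare() cannot go unnoticed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Connection values are placeholders (assumption), replace with real settings.
$conn = new mysqli('DB_HOST_PLACEHOLDER', 'DB_USER_PLACEHOLDER',
                   'DB_PASS_PLACEHOLDER', 'DB_NAME_PLACEHOLDER');
$conn->set_charset('utf8mb4');

// Placeholders are bare question marks: no quotes, even for the string column.
// The prepared statement handles quoting, so user input never touches the SQL text.
$sql = 'SELECT make, year_made, price FROM cars
        WHERE make LIKE ? AND year_made = ? AND price <= ?
        ORDER BY price';

$stmt = $conn->stmt_init();   // initialize the statement object
$stmt->prepare($sql);         // server checks the syntax and plans the query

// bind_param() takes its values by reference, so each one must be a variable.
// LIKE treats % and _ in the input as wildcards; addcslashes() escapes them
// with MySQL's default LIKE escape character (backslash) so a search for
// "100%" matches that literal text rather than everything starting with 100.
$make     = '%' . addcslashes($_GET['make'] ?? '', '%_\\') . '%';
$yearMade = (int) ($_GET['year_made'] ?? 0);
$price    = (float) ($_GET['price'] ?? 0);

// One type character per placeholder, in placeholder order:
// s = string (make), i = integer (year_made), d = double (price).
$stmt->bind_param('sid', $make, $yearMade, $price);
$stmt->execute();

// execute() runs the query; get_result() returns the mysqli_result object,
// the same kind of object $conn->query() would have returned.
$result = $stmt->get_result();

echo 'Matches: ' . $result->num_rows . "\n";
while ($row = $result->fetch_assoc()) {
    // Escape on output: binding protects the database, not the HTML page.
    printf("%s, %d, %.2f\n",
        htmlspecialchars($row['make'], ENT_QUOTES, 'UTF-8'),
        $row['year_made'],
        $row['price']);
}

$stmt->close();
$conn->close();
```

Two points worth keeping in mind when reusing this pattern: the count of type characters in `'sid'` must equal the number of placeholders and the number of variables that follow it, otherwise `bind_param()` fails; and the `(int)` and `(float)` casts are there because the bound values go to the server with the declared type, so a non-numeric form value becomes 0 rather than a surprise string.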


This video is part of

Accessing Databases with Object-Oriented PHP

47 video lessons · 1877 viewers

David Powers
Author

  1. 13m 33s
    1. Welcome
      1m 4s
    2. What you should know before watching this course
      2m 8s
    3. Using the exercise files
      4m 56s
    4. Setting SQLite permissions
      1m 11s
    5. A quick primer on using PHP objects
      4m 14s
  2. 10m 12s
    1. Overview of PHP database APIs
      4m 5s
    2. Using prepared statements
      4m 24s
    3. Using transactions
      1m 43s
  3. 48m 57s
    1. Creating a database source name
      2m 3s
    2. Connecting to a database with PDO
      7m 27s
    3. Looping directly over a SELECT query
      3m 49s
    4. Fetching a result set
      8m 3s
    5. Finding the number of results from a SELECT query
      7m 14s
    6. Checking if a SELECT query contains results
      3m 32s
    7. Executing simple non-SELECT queries
      6m 2s
    8. Getting error messages
      7m 17s
    9. Using the quote() method to sanitize user input
      3m 30s
  4. 39m 51s
    1. Binding input and output values
      2m 36s
    2. Using named parameters
      9m 51s
    3. Using question marks as anonymous placeholders
      2m 35s
    4. Passing an array of values to the execute() method
      5m 20s
    5. Binding results to variables
      7m 53s
    6. Executing a transaction
      6m 54s
    7. Closing the cursor before running another query
      4m 42s
  5. 21m 20s
    1. Generating an array from a pair of columns
      2m 44s
    2. Setting an existing object's properties with a database result
      4m 42s
    3. Creating an instance of a specific class with a database result
      6m 1s
    4. Reusing a result set
      7m 53s
  6. 38m 14s
    1. Connecting to a database with MySQLi
      5m 57s
    2. Setting the character set
      1m 57s
    3. Submitting a SELECT query and getting the number of results
      4m 4s
    4. Fetching the result
      7m 35s
    5. Rewinding the result for reuse
      3m 20s
    6. Handling non-SELECT queries
      5m 27s
    7. Getting error messages
      5m 47s
    8. Sanitizing user input with real_escape_string()
      4m 7s
  7. 27m 49s
    1. Initializing and preparing a statement
      4m 17s
    2. Binding parameters and executing a prepared statement
      5m 55s
    3. Binding output variables
      5m 6s
    4. Executing a MySQLi transaction
      7m 5s
    5. Dealing with "commands out of sync" in prepared statements
      5m 26s
  8. 24m 7s
    1. Buffered and unbuffered queries
      4m 19s
    2. Using real_query()
      6m 1s
    3. Freeing resources that are no longer needed
      2m 31s
    4. Submitting multiple queries
      6m 41s
    5. Creating an instance of a class from a result set
      4m 35s
  9. 3m 31s
    1. PDO and MySQLi compared
      3m 31s
