Accessing Databases with Object-Oriented PHP

with David Powers

Video: Using named parameters

  1. 13m 33s
    1. Welcome
      1m 4s
    2. What you should know before watching this course
      2m 8s
    3. Using the exercise files
      4m 56s
    4. Setting SQLite permissions
      1m 11s
    5. A quick primer on using PHP objects
      4m 14s
  2. 10m 12s
    1. Overview of PHP database APIs
      4m 5s
    2. Using prepared statements
      4m 24s
    3. Using transactions
      1m 43s
  3. 48m 57s
    1. Creating a database source name
      2m 3s
    2. Connecting to a database with PDO
      7m 27s
    3. Looping directly over a SELECT query
      3m 49s
    4. Fetching a result set
      8m 3s
    5. Finding the number of results from a SELECT query
      7m 14s
    6. Checking if a SELECT query contains results
      3m 32s
    7. Executing simple non-SELECT queries
      6m 2s
    8. Getting error messages
      7m 17s
    9. Using the quote() method to sanitize user input
      3m 30s
  4. 39m 51s
    1. Binding input and output values
      2m 36s
    2. Using named parameters
      9m 51s
    3. Using question marks as anonymous placeholders
      2m 35s
    4. Passing an array of values to the execute() method
      5m 20s
    5. Binding results to variables
      7m 53s
    6. Executing a transaction
      6m 54s
    7. Closing the cursor before running another query
      4m 42s
  5. 21m 20s
    1. Generating an array from a pair of columns
      2m 44s
    2. Setting an existing object's properties with a database result
      4m 42s
    3. Creating an instance of a specific class with a database result
      6m 1s
    4. Reusing a result set
      7m 53s
  6. 38m 14s
    1. Connecting to a database with MySQLi
      5m 57s
    2. Setting the character set
      1m 57s
    3. Submitting a SELECT query and getting the number of results
      4m 4s
    4. Fetching the result
      7m 35s
    5. Rewinding the result for reuse
      3m 20s
    6. Handling non-SELECT queries
      5m 27s
    7. Getting error messages
      5m 47s
    8. Sanitizing user input with real_escape_string()
      4m 7s
  7. 27m 49s
    1. Initializing and preparing a statement
      4m 17s
    2. Binding parameters and executing a prepared statement
      5m 55s
    3. Binding output variables
      5m 6s
    4. Executing a MySQLi transaction
      7m 5s
    5. Dealing with "commands out of sync" in prepared statements
      5m 26s
  8. 24m 7s
    1. Buffered and unbuffered queries
      4m 19s
    2. Using real_query()
      6m 1s
    3. Freeing resources that are no longer needed
      2m 31s
    4. Submitting multiple queries
      6m 41s
    5. Creating an instance of a class from a result set
      4m 35s
  9. 3m 31s
    1. PDO and MySQLi compared
      3m 31s

3h 47m Intermediate Jul 07, 2014


Now that PHP has true object-oriented capabilities, it's best practice to access databases using PDO (PHP Data Objects) and MySQLi. These methods produce database-neutral code that works with over a dozen systems, including MySQL, SQL Server, PostgreSQL, and SQLite. Learn how to use PDO and MySQLi to perform basic select, insert, update, and delete operations; improve security with prepared statements; and use transactions to execute multiple queries simultaneously. Author David Powers also covers advanced topics like instantiating custom objects, and compares PDO to MySQLi so you can decide which method is right for you.

Topics include:
  • Connecting to a database with PDO or MySQLi
  • Fetching a result set
  • Executing simple non-SELECT queries
  • Sanitizing user input
  • Binding input and output values
  • Passing an array of values to the execute() method
  • Working with advanced PDO fetch methods
  • Executing a MySQLi transaction
  • Freeing resources that are no longer needed
  • Submitting multiple queries
  • Creating an instance of a class from a result set

Subject: Developer
Software: PHP
Author: David Powers

Using named parameters

PDO has the option of using either named or anonymous parameters in prepared statements. We'll begin by looking at named parameters and how to bind values to them. This is pdo_named.php, which you can find in the Chapter 3 03_02 folder of the exercise files. Let's take a quick look at this page in a browser. It contains a search form with a text input field, two select menus, and a submit button.

At the moment, the PHP script ignores the values in the form fields. So if I change these select menus, say to 2005 and to 10,000, leave the make field blank, and click Search, instead of getting the results that I want, the page displays a complete set of results from the cars and makes tables in the OOPHP database. We need to embed the values submitted by the form into the SQL, and we'll do that using a prepared statement.

So let's go back to the editing program. The search criteria need to be added to the SQL as a WHERE clause, so we'll put the WHERE clause on a new line after line seven. The first value we're looking for is make. We'll use the LIKE operator, and then a named parameter. Named parameters begin with a colon, so I'll call it :make. You don't need to use the same name as the column, but very often it's helpful to do so.

Then an AND clause. The next one we want is yearmade, and that needs to be greater than or equal to a named parameter, so :yearmade. Price needs to be less than or equal to, again, a named parameter beginning with a colon, :price. The original script used the query method to submit the query and store the result as result. This time we're going to be using a prepared statement, so we need to get rid of that line ten and replace it with the preparation of our prepared statement.

We call this statement stmt, and then we use the database connection object and call its prepare method, passing it the SQL. So at this stage it's very similar to using query. But we need to bind the values to our named parameters. The first parameter is :make, and that's using the LIKE operator. That means we're going to need to add percentage wildcard characters before and after the value of make that's passed in from the form through the GET array.

As a result, we need to use bindValue rather than bindParam. So on the next line, we'll use the statement object, and we'll call its bindValue method. The first argument to bindValue is a string, and that's the named parameter, so it begins with a colon: :make. The next argument is the value that you want to pass to it. So we need the wildcard character, the percentage sign, as a string. Then concatenate to that the value that comes from the form through the GET array, and that form field is called make. Then finally, the other wildcard character.

The values coming from yearmade and price don't need to be changed, so we can use the variables that come from the GET array. That means we can use bindParam. So on the next line, again the statement object, and this time the bindParam method. The first argument has the same structure as before: we use the named parameter, so this will be :yearmade. The next argument is the value that we want to assign to it, which comes from the GET array, and that is yearmade. Now yearmade is an integer, so we can pass a third argument, a PDO constant, to say that we want it to be submitted as an integer: all in caps, PDO, then a double colon and PARAM_INT. That says we're submitting this as an integer. Price is almost exactly the same, so we'll just duplicate that line, change the named parameter to :price, and change the value from the GET array to price.

Now we need to execute the statement. That's simply done: the statement object, and you call its execute method. The original script here on line 15 used the errorInfo method on the database object to get any error messages. This time we need to use it on the statement object, so change db on that line to stmt, the statement object. This works in exactly the same way as in the previous chapter. The errorInfo method returns an array which, if there is a problem, has the error message as the third element.

So if there is a third element in the errorInfo array, then we will know that there is an error. If there's no third element, then we know that everything has gone fine. The result set is now stored in the statement object, but the table must be displayed only if the result set contains any records. Some databases like MySQL report the number of rows returned by a SELECT query, but that won't work with all databases. So to create portable code, we need to fetch the first row to see if there is one.

And we need to do that much further down in the page, so let's scroll down. This is the form, and there on line 62 is a conditional statement that checks whether the form has been submitted. We need to add our code inside this conditional statement. So if we add a couple of lines in there, then on line 63, we can use the fetch method on the statement object to get the first row. We'll store that as row: our statement object, and fetch. So this will get the first row from the result set, if there is one.

But if there are no results, row will be false. So if there's nothing to display, we can hide the table by wrapping it in another conditional statement. We'll use row as the condition. So if there is a row, then we need to display the table. We need to add the closing curly brace right down at the very bottom of the page. It's here on line 84. We need to put that in there.

So we've now got our braces balanced correctly. Here we are getting the first row. If there is a value in that row, the page will then display what goes after line 64 inside this conditional statement. But we can no longer use this while loop, because if we've got the first row here, we need to display the first row before going on to get the rest of the results. So, copy that while clause. Cut it to the clipboard and replace it with do.

Then down at the end of that loop, you can paste in the while condition. But at the moment, we're referring to result. We need to change that to stmt, so we're getting everything now from the prepared statement. This conditional statement here will display the table if there are any results. If there are no results, we need to say there aren't any. So we can put an else block down here, and then we just echo "No results found". That's all we need to do. Let's save that page and go back to the browser.

And this time we'll add in some search criteria. Put in ch. We'll change the year, say, to 1980, and we'll make the maximum value $20,000. Conduct a search. And now we've got a filtered result. So all the values that have been passed from the form have been passed to the SQL query, and it has used them in the WHERE clause. So let's just recap that. This is how you use a prepared statement with named parameters in PDO. Let's go back up and have a look at the SQL statement.

Here is the WHERE clause. The named parameters begin with a colon. You don't need to use the same name as the column, but it makes the query easier to understand if you do so. The parameters are inserted directly into the SQL query. And even when a parameter represents a string, you must not enclose it in quotes. You then pass the SQL to the prepare method to create the statement and bind the values to the parameters, using bindParam for variables and bindValue for expressions such as calculations or strings.

And finally, execute using the execute method. And fetch the results directly from the statement object.
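The steps described in this transcript, put together as an added example; it is not the course's pdo_named.php. The in-memory SQLite schema and rows, the `make_id` join column, and the `$get` array standing in for `$_GET` are constructed assumptions, and the `ESCAPE` clause and `filter_var()` checks are hardening added here that the video does not cover.

```php
<?php
// Added example: constructed schema and rows, not the course's OOPHP data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT); // report via errorInfo()
$db->exec('CREATE TABLE makes (make_id INTEGER PRIMARY KEY, make TEXT)');
$db->exec('CREATE TABLE cars (make_id INTEGER, yearmade INTEGER, price INTEGER)');
$db->exec("INSERT INTO makes VALUES (1, 'Chevrolet'), (2, 'Ford')");
$db->exec('INSERT INTO cars VALUES (1, 1985, 12000), (1, 1975, 9000), (2, 1990, 15000)');

function search(PDO $db, array $get): void
{
    // Placeholders are never quoted, even for strings. ESCAPE '\' is SQLite syntax.
    $sql = <<<'SQL'
SELECT make, yearmade, price
FROM cars JOIN makes USING (make_id)
WHERE make LIKE :make ESCAPE '\'
AND yearmade >= :yearmade
AND price <= :price
SQL;
    // PDO::PARAM_INT is a type hint, not validation, so reject non-integers first.
    $yearmade = filter_var($get['yearmade'] ?? '', FILTER_VALIDATE_INT);
    $price = filter_var($get['price'] ?? '', FILTER_VALIDATE_INT);
    if ($yearmade === false || $price === false) {
        echo "Invalid search criteria\n";
        return;
    }
    $stmt = $db->prepare($sql);
    // bindValue() for an expression; user-typed % and _ are escaped to match literally.
    $stmt->bindValue(':make', '%' . addcslashes($get['make'] ?? '', '%_\\') . '%');
    $stmt->bindParam(':yearmade', $yearmade, PDO::PARAM_INT); // bound by reference
    $stmt->bindParam(':price', $price, PDO::PARAM_INT);
    $stmt->execute();
    $error = $stmt->errorInfo();
    if (isset($error[2])) {
        echo "Query failed\n"; // log $error[2] server-side rather than echoing it
        return;
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // false when the result set is empty
    if ($row) {
        do {
            echo "{$row['make']} {$row['yearmade']} {$row['price']}\n";
        } while ($row = $stmt->fetch(PDO::FETCH_ASSOC));
    } else {
        echo "No results found\n";
    }
}
search($db, ['make' => 'ch', 'yearmade' => '1980', 'price' => '20000']);
search($db, ['make' => "ch' OR '1'='1", 'yearmade' => '1980', 'price' => '20000']);
```

The second call passes a value containing quote characters; because it is bound as a parameter, it is compared as literal text against the make column and never parsed as SQL.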
