qual'è la vera differenza tra Prepared statement
e una cosa tipo questa?Codice PHP:<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < :calories AND colour = :colour');
$sth->bindParam(':calories', $calories, PDO::PARAM_INT);
$sth->bindParam(':colour', $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>
Qual'è + indicato usare per una programmazione corretta. Per esempio: nel libro "Beginning PHP and PostgreSQL E-Commerce from novice to professional" non usano $dbh->beginTransaction(); usano prepare() e execute() ma non usano bindParam().Codice PHP:<?php
/* Begin a transaction, turning off autocommit */
$dbh->beginTransaction();
/* Change the database schema and data */
$sth = $dbh->exec("DROP TABLE fruit");
$sth = $dbh->exec("UPDATE dessert
SET name = 'hamburger'");
$dbh->Commit();
/* Recognize mistake and roll back changes */
$dbh->rollBack();
/* Database connection is now back in autocommit mode */
?>
grazie
Rispondi quotando