
Prepared statements

Prepared statements help you avoid MySQL injections in many cases and increase the security of your queries by separating the SQL logic from the data being supplied.

DALMP\Database by default tries to determine the type of the data supplied, so you can focus on your query without needing to specify the type of data. If you prefer, you can specify the type of the data manually. The following table shows the characters that specify the types for the corresponding bind variables:

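========= ============================================================
Character Description
========= ============================================================
i         corresponding variable has type integer
d         corresponding variable has type double
s         corresponding variable has type string
b         corresponding variable is a blob and will be sent in packets
========= ============================================================
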
.. seealso::

   Method `prepare </en/latest/database/Prepare.html>`_, & `mysqli_stmt_bind_param <>`_.
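
The type characters above are the ones ``mysqli_stmt_bind_param`` takes. As an added example (not DALMP's own code), the following shows type detection and a bound ``LIKE`` pattern with plain mysqli; the helper names, the ``Country`` table and the connection details are assumptions.

```php
<?php
// Added example, not DALMP code: hypothetical helpers built on plain mysqli.

/** Guess one bind_param type character (i, d or s) per value. */
function inferBindTypes(array $params): string
{
    $types = '';
    foreach ($params as $value) {
        // Only real ints and floats are numeric; "123" stays a string.
        $types .= is_int($value) ? 'i' : (is_float($value) ? 'd' : 's');
    }
    return $types;
}

/** Build a "contains" LIKE pattern; % and _ typed by the user stay literal. */
function likeContains(string $term): string
{
    return '%' . addcslashes($term, '%_\\') . '%';
}

/** Prepare, bind and run a SELECT; returns rows as associative arrays. */
function preparedGetAll(mysqli $db, string $sql, array $params, ?string $types = null): array
{
    $params = array_values($params);
    $types = $types ?? inferBindTypes($params);
    if (strlen($types) !== count($params)) {
        throw new InvalidArgumentException('need one type character per parameter');
    }
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    if ($params !== []) {
        $stmt->bind_param($types, ...$params);
    }
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // needs mysqlnd
    $stmt->close();
    return $rows;
}

// Constructed input: the quote and the % reach the server only as data.
$term = "O'Brien 100%";
$args = [likeContains($term), 1000000];
printf("types=%s pattern=%s\n", inferBindTypes($args), $args[0]);

// With a live connection (placeholder credentials, constructed table):
// $db = new mysqli('localhost', 'user', 'password', 'world');
// $rows = preparedGetAll($db, 'SELECT Name FROM Country WHERE Name LIKE ? AND Population > ?', $args);
```

Binding keeps the search term out of the SQL text, but ``%`` and ``_`` inside a bound value are still wildcards to ``LIKE``, which is why the pattern helper escapes them.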

To use "Prepared statements" on your SQL statements for retrieving data, the following methods can be used:

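===== ======== =================== ============= =========================
Name  Normal   Prepared statements Cache Normal  Cache Prepared statements
===== ======== =================== ============= =========================
all   GetAll   PGetAll             CacheGetAll   CachePGetAll
assoc GetAssoc PGetAssoc           CacheGetAssoc CachePGetAssoc
col   GetCol   PGetCol             CacheGetCol   CachePGetCol
one   GetOne   PGetOne             PGetOne       CacheGetOne
row   GetRow   PGetRow             PGetRow       CacheGetRow
===== ======== =================== ============= =========================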

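For any other query, such as inserting or updating:

======= ======= ===================
Name    Normal  Prepared statements
======= ======= ===================
Execute Execute PExecute
======= ======= ===================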


Notice that when using "Prepared statements" the methods are prefixed with a P.

.. seealso::

   Method `Cache </en/latest/database/Cache.html>`_.


Example using the LIKE statement:

If you want to define the types, you must pass an array specifying each type. Example:

An Insert example:

.. seealso::

   Method `PExecute </en/latest/database/PExecute.html>`_

An Update example:


When updating, a return value of 0 (zero) indicates that no records were updated.