On Thu, 26 Jun 2003 15:05:35 +0000 (UTC), Jack <ne***@inamillion1.com> wrote:
What is the PHP equivilent of Oracle bind variables in a SQL statement, e.g.
select x from y where z=:parameter
It looks like it's only recently been added to MySQL, in 4.1.x according to
the changelog - which is not a production version, it's still Alpha.
In the prior versions, you have to stuff the values into the SQL statement.
(Yuk - SQL injection attacks, worrying about escaping, etc.).
There are DB abstraction layers that emulate bind variables, e.g. Pear DB.
PHP's MySQL interface hasn't yet caught up with the MySQL C API that now
appears to allow '?' as a placeholder for a bind variable (so still no named
binds, but at least there's positional binds).
Looks like it's in development:
http://www.php.net/manual/en/functio...li-prepare.php
Which in asp/jsp would be followed by some statements to bind a value to :parameter
I dont like the idea of making the SQL statement on the fly without binding parameters as I
dont want a highly polluted SQL cache.
I'm using the v latest MySQL 4.1.0, PHP 4.3.2 and Apache.
MySQL doesn't have seem to have an SQL cache. In 4.x there's a 'query cache'
that caches the results of queries, by matching the entire text of a query. But
no SQL cache in the Oracle sense, as in cached execution plans.
--
Andy Hassall (an**@andyh.co.uk) icq(5747695) (
http://www.andyh.co.uk)
Space: disk usage analysis tool (
http://www.andyhsoftware.co.uk/space)
