Hi All,
What is the PHP equivilent of Oracle bind variables in a SQL statement, e.g.
select x from y where z=:parameter
Which in asp/jsp would be followed by some statements to bind a value to :parameter
I dont like the idea of making the SQL statement on the fly without binding parameters as I
dont want a highly polluted SQL cache.
I'm using the v latest MySQL 4.1.0, PHP 4.3.2 and Apache.
Thanks
Jack
2  31323 
On Thu, 26 Jun 2003 15:05:35 +0000 (UTC), Jack <ne***@inamillion1.com> wrote: What is the PHP equivilent of Oracle bind variables in a SQL statement, e.g.
select x from y where z=:parameter
It looks like it's only recently been added to MySQL, in 4.1.x according to
the changelog - which is not a production version, it's still Alpha.
In the prior versions, you have to stuff the values into the SQL statement.
(Yuk - SQL injection attacks, worrying about escaping, etc.).
There are DB abstraction layers that emulate bind variables, e.g. Pear DB.
PHP's MySQL interface hasn't yet caught up with the MySQL C API that now
appears to allow '?' as a placeholder for a bind variable (so still no named
binds, but at least there's positional binds).
Looks like it's in development:
http://www.php.net/manual/en/functio...li-prepare.php
Which in asp/jsp would be followed by some statements to bind a value to :parameter
I dont like the idea of making the SQL statement on the fly without binding parameters as I
dont want a highly polluted SQL cache.
I'm using the v latest MySQL 4.1.0, PHP 4.3.2 and Apache.
MySQL doesn't have seem to have an SQL cache. In 4.x there's a 'query cache'
that caches the results of queries, by matching the entire text of a query. But
no SQL cache in the Oracle sense, as in cached execution plans.
--
Andy Hassall (an**@andyh.co.uk) icq(5747695) ( http://www.andyh.co.uk)
Space: disk usage analysis tool ( http://www.andyhsoftware.co.uk/space)
Andy Hassall <an**@andyh.co.uk> wrote in
news:sd********************************@4ax.com: It looks like it's only recently been added to MySQL, in 4.1.x
according to
the changelog - which is not a production version, it's still Alpha.
In the prior versions, you have to stuff the values into the SQL
statement.
(Yuk - SQL injection attacks, worrying about escaping, etc.).
Yep, main reason I want binds - security :)
Thanks for response! Will look into pear. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Michael.Coll-Barth |
last post by:
All,
As the subject line says, I am having some trouble passing bind variables to
Oracle. When I pass a printable string value, such as 'NM', I get data.
When I try to pass a non-printable...
|
by: Achille Carette |
last post by:
Hello all,
I noticed a difference in the explain plans between JDBC using bind
variables (PreparedStatement) and SQLPlus for the same query. The query made
through JDBC using bind variables...
|
by: Daniel Roy |
last post by:
Hi gurus,
I just started to look at a very slow-running SQL statement
generated by an application (Siebel). I spooled the SQL from the
application, replaced the bind variables by their values, and...
|
by: RDS |
last post by:
Does anyone know how to do the following vb6 code using bind variables
for oracle dbs, in .net?
dim cmdMyCommand as ADODB.COMMAND
Set cmdMyCommand = New ADODB.COMMAND
With cmdMyCommand...
|
by: lnd |
last post by:
A few question regarding PostgreSQL handling of queries:
- Is each query submitted parsed and planned even if it is identical to a
query submitted before?
For example, 10 queries "select * from...
|
by: kiss07 |
last post by:
Hi,
i want 2 and 3 rd max salary in a table .i want a single query.
please help..
Arun
|
by: Shawn Mason |
last post by:
We added bind variables to our Oracle calls and once this began getting
activity the .net runtime would have an error (as indicated by the event
viewer logs). This of course resetst the session...
|
by: skaushik |
last post by:
Hi all,
I ran an explain plan for a sql query which has some bind variables used in it. The plan shows that index is being used but the execution takes a very long time. Also, in another query the...
|
by: rshome |
last post by:
A compromise that works well is to get the DBA to change the
CURSOR_SHARING instance parameter from EXACT to FORCE. This pretty
much simulates the effects of using bind variables without having to...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
| | |
