MySQLi:

$sql = new mysqli('host', 'user', 'pass', 'db');
// bind_param() takes its arguments by reference, so cast the request values into variables first.
$id = (int) $_GET['id'];
$size = (string) $_GET['size'];
$query = "SELECT name, price, color FROM products WHERE id = ? AND size = ?";
$stmt = $sql->prepare($query);
$stmt->bind_param('is', $id, $size);
$stmt->execute();
$stmt->bind_result($name, $price, $color);
while ($stmt->fetch()) {
    // Escape on output: the prepared statement stops SQL injection, not HTML injection.
    echo "Name: " . htmlspecialchars($name) . "<br>";
    echo "Price: " . htmlspecialchars($price) . "<br>";
    echo "Color: " . htmlspecialchars($color) . "<br>";
}

PDO:

$pdo = new PDO('mysql:host=localhost;dbname=whatever', 'user', 'pass');
// Throw on SQL errors so a failed prepare() or execute() cannot be silently ignored.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$query = "SELECT name, price, color FROM products WHERE id = :id AND size = :size";
$stmt = $pdo->prepare($query);
// Named placeholders are bound from a map; execute() sends every value as a string.
$stmt->execute(array(':id' => $_GET['id'], ':size' => $_GET['size']));
while ($row = $stmt->fetch(PDO::FETCH_OBJ)) {
    // Escape on output: the prepared statement stops SQL injection, not HTML injection.
    echo "Name: " . htmlspecialchars($row->name) . "<br>";
    echo "Price: " . htmlspecialchars($row->price) . "<br>";
    echo "Color: " . htmlspecialchars($row->color) . "<br>";
}

- Being able to use placeholders (:id) rather than ? helps keep things readable
- Being able to pass in an array of these placeholders with their values mapped is infinitely more readable than MySQLi's bind_param()
- Not having to bind every single column of your result set keeps code significantly shorter for more complex queries.
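As an added example (not code from the original post), the PDO pattern above wrapped with the connection settings a reviewer would ask for and the one binding caveat that bites the execute(array(...)) style: the helper names connect() and selectRows() are hypothetical, the credentials are placeholders, and the table and columns are the ones the post uses.

```php
<?php
declare(strict_types=1);

// Open the connection with explicit settings (credentials here are placeholders).
function connect(): PDO
{
    return new PDO(
        'mysql:host=localhost;dbname=whatever;charset=utf8mb4',
        'user',
        'pass',
        [
            // Throw on SQL errors instead of returning false from prepare()/execute().
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            // Real server-side prepares: the query text and the values travel separately.
            PDO::ATTR_EMULATE_PREPARES   => false,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_OBJ,
        ]
    );
}

// Run a SELECT with a named-placeholder map, binding PHP integers as integers.
// execute(array(...)) binds every value as PDO::PARAM_STR; with emulated prepares
// that turns `LIMIT :limit` into LIMIT '10', which MySQL rejects. bindValue() with
// PDO::PARAM_INT works under either prepare mode.
function selectRows(PDO $pdo, string $sql, array $params): array
{
    $stmt = $pdo->prepare($sql);
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->fetchAll();
}

$rows = selectRows(
    connect(),
    'SELECT name, price, color FROM products WHERE size = :size ORDER BY price LIMIT :limit',
    [':size' => (string) ($_GET['size'] ?? ''), ':limit' => 10]
);
foreach ($rows as $row) {
    // Escape on output: the prepared statement stops SQL injection, not HTML injection.
    echo 'Name: ' . htmlspecialchars((string) $row->name, ENT_QUOTES, 'UTF-8') . '<br>';
    echo 'Price: ' . htmlspecialchars((string) $row->price, ENT_QUOTES, 'UTF-8') . '<br>';
    echo 'Color: ' . htmlspecialchars((string) $row->color, ENT_QUOTES, 'UTF-8') . '<br>';
}
```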