
PHP query Syntax

Posted: Sat Oct 04, 2014 6:47 am
by gautamz07

Code:

<?php
require_once 'app/init.php';

// :user is a named placeholder; its value is bound at execute() time
$itemsQuery = $db->prepare("SELECT id, name, done FROM items WHERE user = :user");

$itemsQuery->execute([
	'user' => $_SESSION['user_id']
]);

// Iterate the statement if it returned rows, otherwise an empty array
$items = $itemsQuery->rowCount() ? $itemsQuery : [];

foreach ($items as $item) {
	// Escape stored values before writing them into HTML
	echo htmlspecialchars($item['name'], ENT_QUOTES, 'UTF-8'), '<br>';
}
?>

What kind of new select query is it in PHP? What's the ":user" part doing in the query, and what's that called? And what are "=>" and "->", and when are they used in PHP?

Re: PHP query Syntax

Posted: Sat Oct 04, 2014 7:05 am
by Celauran
Looks like $db is a PDO object. :user is a placeholder used when creating the prepared statement, which will be replaced at execution time with an array value with a matching key. Prepared statements help avoid SQL injection attacks and are definitely considered best practice.

=> is used for assigning values to keys in the context of arrays.

Code:

$some_array = ['foo' => 'bar'];
echo $some_array['foo']; // Echoes bar

-> references an object's properties and methods.

Code:

class Bicycle {
	public function pedal() {
		return "Riding my bike";
	}
}

$bike = new Bicycle();
echo $bike->pedal(); // echoes "Riding my bike"
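
The difference the reply describes, between binding :user at execution time and building the SQL string by hand, as an added example that is not part of the thread. It assumes the pdo_sqlite extension; the in-memory items table, the input value and both function names are constructed for illustration and stand in for the real $db and session.

```php
<?php
// In-memory SQLite stands in for the thread's $db (assumption, not the poster's setup).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, done INTEGER, user TEXT)');
$db->exec("INSERT INTO items (name, done, user) VALUES
    ('Buy milk', 0, 'alice'), ('Pay rent', 1, 'alice'), ('Call bank', 0, 'bob')");

// Constructed input: a value that happens to contain SQL syntax.
$userId = "alice' OR '1'='1";

// Unsafe: the value is pasted into the SQL text, so its quotes become part of the query.
function itemsConcatenated(PDO $db, string $userId): array
{
    $sql = "SELECT id, name, done FROM items WHERE user = '$userId'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the SQL text is fixed at prepare(); :user is bound purely as data at execute().
function itemsPrepared(PDO $db, string $userId): array
{
    $stmt = $db->prepare('SELECT id, name, done FROM items WHERE user = :user');
    $stmt->execute(['user' => $userId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The concatenated query matches every user's rows; the prepared one looks for a
// user literally named "alice' OR '1'='1" and finds none.
printf("concatenated:      %d rows\n", count(itemsConcatenated($db, $userId)));
printf("prepared:          %d rows\n", count(itemsPrepared($db, $userId)));
printf("prepared, 'alice': %d rows\n", count(itemsPrepared($db, 'alice')));
```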

Re: PHP query Syntax

Posted: Sun Oct 05, 2014 3:12 am
by gautamz07
@Celauran! Thank you so much for your elaborate explanation. So what I get is, at execution time the placeholder, that is :user, gets replaced by

$itemsQuery->execute([
	'user' => $_SESSION['user_id']
]);

the actual user session user_id.

Just a couple more questions: are prepared statements relatively very new in PHP? Is there any good place I can go to learn all this stuff? I just got in as an application developer and my boss really wants me to pick up a framework called Yii, but I'd like to learn PHP first so I get the basics out of the way first up.

Once again, thanks for answering all my questions :D

Re: PHP query Syntax

Posted: Sun Oct 05, 2014 9:23 am
by Celauran
> So what I get is, at execution time the placeholder, that is :user, gets replaced by
>
> Code:
>
> $itemsQuery->execute([
> 	'user' => $_SESSION['user_id']
> ]);
>
> the actual user session user_id

That's exactly right.

> Are prepared statements relatively very new in PHP?

PDO prepared statements were introduced in PHP 5.1, so they've been around since at least 2006. They aren't new and most frameworks use them as a basis for their DBAL/ORM.

A good place to learn up-to-date PHP with best practices is PHP: The Right Way.

Are you using Yii 1.x or 2.x? There are a ton of tutorials on the Yii site, though I can't vouch for their quality as I haven't worked with Yii myself. Brush up on specific topics in PHP that you feel you're lacking on maybe, but I expect most of it will be picked up alongside learning the framework, so that's where I recommend focusing. It will make you more productive sooner, and you can pick up the missing bits as you progress.

Re: PHP query Syntax

Posted: Sun Oct 05, 2014 8:50 pm
by gautamz07
I checked out the site you recommended and it seems to be pretty good (: It's PHP 1.x currently in use in my workplace, but that might change soon.

Thanks for your advice, Celauran :)