PHP query Syntax
Posted: Sat Oct 04, 2014 6:47 am
by gautamz07
Code:
<?php
require_once 'app/init.php';

$itemsQuery = $db->prepare("SELECT id, name, done FROM items WHERE user = :user");
$itemsQuery->execute([
    'user' => $_SESSION['user_id']
]);
$items = $itemsQuery->rowCount() ? $itemsQuery : [];
foreach ($items as $item) {
    echo $item['name'], '<br>';
}
?>
What kind of new select query is it in PHP? What's the ":user" part doing in the query, and what's that called? And what are "=>" and "->", and when are they used in PHP?
Re: PHP query Syntax
Posted: Sat Oct 04, 2014 7:05 am
by Celauran
Looks like $db is a PDO object. :user is a placeholder used when creating the prepared statement, which will be replaced at execution time with an array value with a matching key. Prepared statements help avoid SQL injection attacks and are definitely considered best practice.
=> is used for assigning values to keys in the context of arrays.
Code:
$some_array = ['foo' => 'bar'];
echo $some_array['foo']; // Echoes bar
-> references an object's properties and methods.
Code:
class Bicycle {
    public function pedal() {
        return "Riding my bike";
    }
}
$bike = new Bicycle();
echo $bike->pedal(); // echoes "Riding my bike"
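Added example, not part of the original posts: the same kind of query built by string concatenation and then with the :user placeholder, run against a hostile value, to show why the prepared form blocks SQL injection. It assumes the pdo_sqlite extension is available; the in-memory table, its rows, the input value and the two function names are constructed for illustration.

```php
<?php
// Added example (not from the thread). Assumes the pdo_sqlite extension.
// The items table mirrors the columns in the original query; rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, done INTEGER, user TEXT)');
$db->exec("INSERT INTO items (name, done, user) VALUES
    ('buy milk', 0, '1'), ('pay rent', 1, '1'), ('private note', 0, '2')");

// Constructed hostile value standing in for untrusted input.
$input = "1' OR '1'='1";

// Before: the value is pasted into the SQL text, so its quotes become SQL syntax
// and the WHERE clause no longer restricts the result to one user.
function itemsConcatenated(PDO $db, string $user): array
{
    $sql = "SELECT id, name, done FROM items WHERE user = '" . $user . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the SQL text is fixed at prepare(); the value for :user is supplied
// separately at execute() and is only ever compared as data.
function itemsPrepared(PDO $db, string $user): array
{
    $stmt = $db->prepare('SELECT id, name, done FROM items WHERE user = :user');
    $stmt->execute(['user' => $user]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

printf("concatenated, hostile input: %d rows\n", count(itemsConcatenated($db, $input)));
printf("prepared, hostile input:     %d rows\n", count(itemsPrepared($db, $input)));
printf("prepared, user 1:            %d rows\n", count(itemsPrepared($db, '1')));
```

The concatenated query returns every user's rows for the hostile value, while the prepared query matches nothing because no row has that literal string in its user column.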
Re: PHP query Syntax
Posted: Sun Oct 05, 2014 3:12 am
by gautamz07
@Celauran! Thank you so much for your elaborate explanation. So what I get is, at execution time the placeholder, that is :user, gets replaced by
$itemsQuery->execute([
    'user' => $_SESSION['user_id']
]);
the actual user session user_id.
Just a couple more questions: are prepared statements relatively very new in PHP? Is there any good place I can go to learn all this stuff? I just got in as an application developer and my boss really wants me to pick up a framework called Yii, but I'd like to learn PHP first so I get the basics out of the way first up.
Once again, thanks for answering all my questions.

Re: PHP query Syntax
Posted: Sun Oct 05, 2014 9:23 am
by Celauran
So what I get is, at execution time the placeholder, that is :user, gets replaced by
Code:
$itemsQuery ->execute([
'user' => $_SESSION['user_id']
]);
the actual user session user_id
That's exactly right.
Are prepared statements relatively very new in PHP?
PDO prepared statements were introduced in PHP 5.1, so they've been around since at least 2006. They aren't new and most frameworks use them as a basis for their DBAL/ORM.
A good place to learn up to date PHP with best practices is PHP: The Right Way.
Are you using Yii 1.x or 2.x? There are a ton of tutorials on the Yii site, though I can't vouch for their quality as I haven't worked with Yii myself. Brush up on specific topics in PHP that you feel you're lacking on maybe, but I expect most of it will be picked up alongside learning the framework, so that's where I recommend focusing. It will make you more productive sooner, and you can pick up the missing bits as you progress.
Re: PHP query Syntax
Posted: Sun Oct 05, 2014 8:50 pm
by gautamz07
I checked out the site you recommended and it seems to be pretty good (: It's PHP 1.x currently in use in my workplace, but that might change soon.
Thanks for your advice, Celauran.
