Wednesday, 5 August 2020

MySQL PDO Tutorial Lesson 6 – Prepared statements with placeholders

Enrol on the course at https://www.webinaction.co.uk/p/mysql-pdo-tutorial to download the Working Files. How to use placeholder question marks in prepared …


  1. Black Ghost
    January 9, 2019 at 01:26

    Are you a professor omg I've learnt so much from you.

  2. Ptmp727
    January 9, 2019 at 01:26

    What I don't understand is why the foreach loop $value returns nothing, but you have to do a vardump to get the details.

  3. Code Book
    January 9, 2019 at 01:26

    include 'connect.php';

    $stmt = $db->prepare("SELECT * FROM users WHERE factory = ?");
    $stmt->bindValue(6,'Royal Fashion');
    while($row = $stmt->fetch(PDO::FETCH_ASSOC)){
    echo "<pre>";
    and I'm getting
    (PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:xampphtdocspdotutorialprepare.php on line 6
    object(PDOStatement)#2 (1) { ["queryString"]=> string(37) "SELECT * FROM users WHERE factory = ?" })

    [0]=>id [1]=> username [2]=> password [3]=>firstname [4]=>lastname [5]=>contact [6]=>factory [7]=>level [8]=>job

  4. FlyingGardenGnome
    January 9, 2019 at 01:26

    Hello Rickard, I find this very useful, thank you.

  5. David Ashby
    January 9, 2019 at 01:26

    Richard, could you tell me if this statement should work as I am not sure whether it is the statement or the fact I am using it in the wrong place within the code as I am using password_verify()

    $stmt = $pdo->prepare("select * from users where username = :username && password = :password");
    $stmt->bindParam(":username", $username);
    $stmt->bindParam(":password", $unhashed);
    echo '<pre>';
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    echo '</pre>';

    If I run the statement with just username = :username I get an array returned but the password is causing an issue.


  6. David Ashby
    January 9, 2019 at 01:26

    Should you bind every field that you are retrieving or can you just bind the id as the PK or does that open your query to mysql injection?

  7. David Ashby
    January 9, 2019 at 01:26

    Richard, for some reason the wildcard is not working for me, could you advise please? My code is below. My database columns are first, last and postcode.

    $stmt = $db->prepare("SELECT * FROM names WHERE LIKE ?");
    $stmt->bindValue(1, '%d%');

    while($row = $stmt->fetch(PDO::FETCH_ASSOC)){

    $first = htmlentities($row['first']);
    $last = htmlentities($row['last']);
    $pcode = htmlentities($row['postcode']);

    echo $first . ' ' . $last . ' ' . $pcode . $space;



  8. Rayner Da Cruz
    January 9, 2019 at 01:26

    Excellent video playlist!! Thank you!

  9. irwan novianto
    January 9, 2019 at 01:26

    It's so great, do you have a manual book for this video?

  10. John Doe
    January 9, 2019 at 01:26

    OMG. Your students are very lucky! I speak English only a little) but all that you say is very understandable and works) thx!

  11. Coldmow
    January 9, 2019 at 01:26

    I was waiting for an error to happen. You did come far without any errors though 🙂
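
The binding questions raised in the comments above (positional index, `LIKE` with a wildcard, and a login check using `password_verify()`), as an added example that is not code from the video, its author or any commenter. It assumes an in-memory SQLite database through PDO so it runs without a MySQL server; the table, sample rows and function names are constructed for illustration.

```php
<?php
// Added example. SQLite in memory is an assumption made so this runs offline;
// the prepare/bind/execute calls are the same with a MySQL DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT, factory TEXT)');

// Constructed sample rows; the password column stores a hash, never plaintext.
$ins = $db->prepare('INSERT INTO users (username, password, factory) VALUES (?, ?, ?)');
foreach ([['dave', 's3cret-one', 'Royal Fashion'], ['dina', 's3cret-two', 'North Mill']] as $u) {
    $ins->execute([$u[0], password_hash($u[1], PASSWORD_DEFAULT), $u[2]]);
}

// 1. Positional placeholders are numbered from 1 in the order the ? marks
//    appear in the SQL, not by column position in the table, and the query
//    is only sent once execute() is called.
function usersInFactory(PDO $db, string $factory): array {
    $stmt = $db->prepare('SELECT username FROM users WHERE factory = ?');
    $stmt->bindValue(1, $factory, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// 2. LIKE needs a column on its left; the % wildcards go in the bound value.
//    LIKE metacharacters typed by the user are escaped so they match literally.
function searchUsernames(PDO $db, string $term): array {
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    $stmt = $db->prepare("SELECT username FROM users WHERE username LIKE ? ESCAPE '!'");
    $stmt->execute(['%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// 3. Login: select the row by username only, then compare the submitted
//    password with the stored hash in PHP. A hash cannot be matched in the
//    WHERE clause because password_hash() salts every hash differently.
function checkLogin(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT password FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    return $hash !== false && password_verify($password, $hash);
}

var_dump(usersInFactory($db, 'Royal Fashion'));
var_dump(searchUsernames($db, 'd'));
var_dump(checkLogin($db, 'dave', 's3cret-one'));
var_dump(checkLogin($db, "dave' OR '1'='1", 'x')); // bound as data, so no row matches
```

Only values that come from outside the query need binding; the columns being selected are part of the fixed SQL text and are not bound.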
