Home/ Questions/Q 8612033
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T04:31:38+00:00

Don’t get me wrong PDO is great but what I don’t like about it,

  • 0

Don’t get me wrong PDO is great but what I don’t like about it, is how variables are placed far away from the place they belong inside the SQL statement. Meaning I have a query like:

$stmt = $dbh->prepare("SELECT * FROM users WHERE email = ? AND pass = ?");

The variables that are replacing the ? are always far away some lines below:

$stmt->bindParam(1, $email);
$stmt->bindParam(2, $pass);

If you have a lot of parameters this can get quite ugly. Using :email instead of ? does not make it much better. Sometimes you see the parameters as array in the same methode like:

$db->query("SELECT * FROM users WHERE email = ? AND pass = ?",
   array($email, $pass));

A little bit better but with 10 variables it is still ugly. You practically create a variable ? you only use once. Also code highlighting is not supported for this pseudo variable.

I think it would be nicer to have it like this

$db->prepare("SELECT * FROM user WHERE email = ", $email, " AND pass = ", $pass);

You could even include the parameters of binParam() like this:

$db->prepare_new(
   "SELECT * FROM user WHERE email = ", array($email, PDO::PARAM_STR),
   " AND pass = ", $pass);

I wounder if there is a library that supports this type of style. Do you know one?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If always every even parameter will be parameter you can do it like this:

    class MyPDO extends PDO {
    public function prepareQuery() {
        $query_str = "";
        $params = array();
        foreach(func_get_args() as $key => $param) {
            if( $key % 2 == 0 ) {
                $query_str .= $param;
            }
            else {
                $params[] = $param;
                $query_str .= ' ? ';
            }
        }

        $prepared = $this->prepare($query_str);
        foreach( $params as $key => $param ) {
            $prepared->bindParam( $key+1, $param );
        }
        return $prepared;
    }
}

    and then you can use it as you wanted:

    $db = new MyPDO( .. );
$db->prepareQuery("SELECT * FROM user WHERE email = ", $email, " AND pass = ", $pass);

    PS: not tested – just a concept

    • 0