I am still trying to convert mysql_* things into PDO and prepared statements. It is really hard work to do this across the entire website, but I am not giving up, and I ran into some problems.
My question is about multiple mysql_query() commands in one function. So when I have something like this in code:
if (something)
{
mysql_query("UPDATE account SET pass=$pass WHERE id=$id");
mysql_query("UPDATE account_2 SET lock=$lock WHERE id=$id");
mysql_query("UPDATE account_3 SET surname=$surname WHERE id=$id");
}
And I want to transfer it to PDO and prepared statements. I already know I have to do something like this:
if (something)
{
$stmt = $db->prepare("UPDATE account SET pass=:pass WHERE id=:id");
$stmt->bindValue(':pass', $pass, PDO::PARAM_STR);
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();
}
I actually have two questions:
Is it ok to bindValue a password as a string (PDO::PARAM_STR)?
When I add further statements, since there are more queries, should I name them differently, like $stmt2, or can I just keep using $stmt every time once the previous one has been executed, like this?
if (something)
{
$stmt = $db->prepare("UPDATE account SET pass=:pass WHERE id=:id");
$stmt->bindValue(':pass', $pass, PDO::PARAM_STR);
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();
$stmt = $db->prepare("UPDATE account_2 SET lock=:lock WHERE id=:id");
$stmt->bindValue(':lock', $lock, PDO::PARAM_INT);
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();
}
Or should I rather do this?
if (something)
{
$stmt = $db->prepare("UPDATE account SET pass=:pass WHERE id=:id");
$stmt->bindValue(':pass', $pass, PDO::PARAM_STR);
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();
$stmt2 = $db->prepare("UPDATE account_2 SET lock=:lock WHERE id=:id");
$stmt2->bindValue(':lock', $lock, PDO::PARAM_INT);
$stmt2->bindValue(':id', $id, PDO::PARAM_INT);
$stmt2->execute();
}
And one more at the end. When I have a function/check like this in the code:
if (mysql_query("INSERT INTO account (id, pass, email, request_time, status) VALUES ('".$id."', '".$pass."', '".$mail."', '".time()."', '".$status."')"))
{
blabla
}
How do I use such a check with stmt and PDO to see whether the insert command was executed, if it even needs to be there in PDO in the first place?
And the last question … when I already use bindValue in a prepared statement in PDO, do I later in the code still need to use the is_numeric() function?
So, summary:
1) Is it ok to bindValue a password as a string (PDO::PARAM_STR)?
2) When I add statements, since there are more queries, should I name them differently, like $stmt, $stmt2, $stmt3, or name every statement the same?
3) When I already use bindValue in a prepared statement in PDO, do I later in the code still need to use the is_numeric() function (maybe against some cheating with the variable)?
Thank you all
Yes.
You can name them $stmt, because you won't need a different one (once you execute you are done, so you can overwrite it if you want to). But what I don't get is why you don't just place it all in one statement instead of three different ones?
Don't really get what you mean here? If you need to know if it's numeric you will need is_numeric(), yeah.
And you can check if it was executed successfully with $stmt->execute(); because it returns true if successful. So you would do
Here's a simple example:
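Added example (not code from the original post or the answer): the three mysql_query() UPDATEs and the INSERT check from the question rewritten with PDO prepared statements, reusing one $stmt variable and testing the return value of execute(). The $db connection, the column names and the argument values are assumed to be those from the question; the status column is bound as a string because the original query quoted it.

```php
<?php
// Rewrites the question's three UPDATEs as PDO prepared statements.
// One $stmt variable is reused: after execute() the old PDOStatement is not needed.
function updateAccount(PDO $db, int $id, string $pass, int $lock, string $surname): bool
{
    // `lock` is quoted because LOCK is a reserved word in MySQL.
    $queries = [
        ['UPDATE account   SET pass=:v     WHERE id=:id', $pass,    PDO::PARAM_STR],
        ['UPDATE account_2 SET `lock`=:v   WHERE id=:id', $lock,    PDO::PARAM_INT],
        ['UPDATE account_3 SET surname=:v  WHERE id=:id', $surname, PDO::PARAM_STR],
    ];
    $db->beginTransaction();            // all three succeed or none are kept
    foreach ($queries as [$sql, $value, $type]) {
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':v',  $value, $type);   // PARAM_STR is right for a password string
        $stmt->bindValue(':id', $id,    PDO::PARAM_INT);
        // execute() returns false on failure (with the default PDO::ERRMODE_SILENT);
        // under PDO::ERRMODE_EXCEPTION it throws a PDOException instead.
        if (!$stmt->execute()) {
            $db->rollBack();
            return false;
        }
    }
    return $db->commit();
}

// Same shape as the old  if (mysql_query("INSERT ..."))  check.
function insertAccount(PDO $db, int $id, string $pass, string $mail, string $status): bool
{
    $stmt = $db->prepare(
        'INSERT INTO account (id, pass, email, request_time, status)
         VALUES (:id, :pass, :mail, :time, :status)'
    );
    $stmt->bindValue(':id',     $id,     PDO::PARAM_INT);
    $stmt->bindValue(':pass',   $pass,   PDO::PARAM_STR);
    $stmt->bindValue(':mail',   $mail,   PDO::PARAM_STR);
    $stmt->bindValue(':time',   time(),  PDO::PARAM_INT);
    $stmt->bindValue(':status', $status, PDO::PARAM_STR);
    return $stmt->execute();           // true on success, so usable directly in an if ()
}

// Binding stops SQL injection but does not validate the value itself, which is why
// the answer says is_numeric()-style checks are still needed. Assumed caller input:
$rawId = $_POST['id'] ?? '';
$id = filter_var($rawId, FILTER_VALIDATE_INT);
if ($id === false) {
    exit('id must be an integer');
}
if (updateAccount($db, $id, $pass, $lock, $surname)) {
    // blabla
}
```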