I have this query inside a PHP file:
return $this->_getDb()->fetchRow('
SELECT *
FROM xf_user
WHERE user_id = ?
', $userId);
What does the last line do? After a quick look-up on Google I found that a question mark is a dynamic parameter. Can anybody give me a more detailed explanation about it? Thanks.
Well, you’re missing part of the command (notice the unbalanced quote). I suspect you left off one or two lines at the beginning. (User edited the post to include the missing line.)

What a parameter does is take the parameter’s value (the value held in the $userID variable) and use it to evaluate the SQL query. So, if $userID contained the value 101, the query executed would basically be

SELECT * FROM xf_user WHERE user_id = 101

However, using parameters is different from simply constructing the query as a text statement, since parameters are type checked and are safe against SQL injection attacks. Also, the same command executed multiple times with a new value in $userID will execute faster, since the SQL engine can “prepare” the statement just once rather than each time you execute it.
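To make the two points in the answer concrete (the value is bound as data rather than pasted into the SQL text, and the statement is prepared once and executed many times), here is an added example that is not part of the original question or answer. It uses PDO against an in-memory SQLite database so it runs offline; the table and column names mirror the question, while the rows and the $db/fetchUser names are constructed for this illustration. The question's own $this->_getDb()->fetchRow() wrapper does the same binding internally.

```php
<?php
// Added example (not from the original question or answer): what the "?"
// placeholder does, using PDO on an in-memory SQLite database.
// Table/column names follow the question; the rows are constructed sample data.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE xf_user (user_id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO xf_user (user_id, username) VALUES (101, 'alice'), (102, 'bob')");

// Prepared once: the engine parses the SQL with the "?" placeholder now,
// and each later execute() only supplies a new value for it.
$stmt = $db->prepare('SELECT * FROM xf_user WHERE user_id = ?');

function fetchUser(PDOStatement $stmt, $userId)
{
    // The value travels as bound data, separate from the SQL text, so it
    // can only ever be compared against user_id; it cannot change the query.
    $stmt->execute([$userId]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

var_dump(fetchUser($stmt, 101)); // array: user_id 101, username alice
var_dump(fetchUser($stmt, 102)); // array: user_id 102, username bob

// A value that would change a concatenated query is just a literal here.
// No user_id equals this string, so no row comes back.
var_dump(fetchUser($stmt, '101 OR 1=1')); // bool(false)

// Contrast: splicing the same input into the query text. It is now part of
// the SQL, the WHERE clause matches every row, and both users are returned.
$unsafe = 'SELECT * FROM xf_user WHERE user_id = ' . '101 OR 1=1';
var_dump(count($db->query($unsafe)->fetchAll(PDO::FETCH_ASSOC))); // int(2)
```

One caveat when moving this to MySQL: PDO's MySQL driver emulates prepared statements on the client by default, quoting the value into the SQL before sending it. The injection protection still holds, but the "prepare once, execute many" performance benefit the answer mentions only applies once server-side prepares are enabled with $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false).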