Home/ Questions/Q 7458475
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T13:27:08+00:00

I was wondering if someone could help me. Im trying to integrate some code

  • 0

I was wondering if someone could help me.

Im trying to integrate some code into my application, the code that i need to integrate is written with PDO statements and i have no idea how it goes.

I was wondering if someone could help me convert it.

The code is as follows

$sql = "insert into message2 (mid, seq, created_on_ip, created_by, body) values (?, ?, ?, ?, ?)";
$args = array($mid, $seq, '1.2.2.1', $currentUser, $body);
$stmt = $PDO->prepare($sql);
$stmt->execute($args);
if (empty($mid)) {
    $mid = $PDO->lastInsertId();
}
$insertSql = "insert into message2_recips values ";
$holders = array();
$params = array();
foreach ($rows as $row) {
    $holders[] = "(?, ?, ?, ?)";
    $params[] = $mid;
    $params[] = $seq;
    $params[] = $row['uid'];
    $params[] = $row['uid'] == $currentUser ? 'A' : 'N';
}
$insertSql .= implode(',', $holders);
$stmt = $PDO->prepare($insertSql);
$stmt->execute($params);
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You shoudl use PDO unles for some technical reason you cant. If you dont know it, learn it. Maybe this will get you started:

    /* 
This the actual SQL query the "?" will be replaced with the values, and escaped accordingly 
- ie. you dont need to use the equiv of mysql_real_escape_string - its going to do it 
autmatically 
*/
$sql = "insert into message2 (mid, seq, created_on_ip, created_by, body) values (?, ?, ?, ?, ?)";

    // these are the values that will replace the ?
    $args = array($mid, $seq, '1.2.2.1', $currentUser, $body);

    // create a prepared statement object
    $stmt = $PDO->prepare($sql);

    // execute the statement with $args passed in to be used in place of the ?
    // so the final query looks something like:
    // insert into message2 (mid, seq, created_on_ip, created_by, body) values ($mid, $seq, 1.2.2.1, $currentUser, $body)
    $stmt->execute($args);


    if (empty($mid)) {
        // $mid id is the value of the primary key for the last insert
        $mid = $PDO->lastInsertId();
    }

    // create the first part of another query
    $insertSql = "insert into message2_recips values ";

    // an array for placeholders - ie. ? in the unprepared sql string
    $holders = array();

    // array for the params we will pass in as values to be substituted for the ?
    $params = array();

    // im not sure what the $rows are, but it looks like what we will do is loop
    // over a recordset of related rows and do additional inserts based upon them
    foreach ($rows as $row) {
        // add a place holder string for this row
        $holders[] = "(?, ?, ?, ?)";

        // assign params
        $params[] = $mid;
        $params[] = $seq;
        $params[] = $row['uid'];
        $params[] = $row['uid'] == $currentUser ? 'A' : 'N';
    }
    // modify the query string to have additional place holders
    // so if we have 3 rows the query will look like this:
    // insert into message2_recips values (?, ?, ?, ?),(?, ?, ?, ?),(?, ?, ?, ?)
    $insertSql .= implode(',', $holders);

    // create a prepared statment
    $stmt = $PDO->prepare($insertSql);

    // execute the statement with the params
    $stmt->execute($params);

    PDO really is better. It has the same functionality as MySQLi but with a consistent interface across DB drivers (ie. as long as your SQL is compliant with a different database you can theoretically use the exact same php code with mysql, sqlite, postresql, etc.) AND much better parameter binding for prepared statements. Since you shouldnt be using the mysql extension any way, and MySQLi is more cumbersome to work with than PDO its really a no-brainer unless you specifically have to support an older version of PHP.

    • 0