0

I was wondering if what I am trying to do here is possible. Does my query know what parameter is what value?

$parameters = [$dishId, $userId];
$query = 'INSERT INTO dish_favorites ("userId", "dishId")' .
            'VALUES (? , ?)'
        ;
$stmt = $this->_db->query($query, $parameters);

Thanks a lot for any help!

Frank Lucas
  • 551
  • 3
  • 11
  • 25
  • Of course. Would be a bit useless otherwise. It's done in order. So the first value is used in the first `?` from left to right. – Jonnix Sep 12 '16 at 12:36
  • It is possible with PDO and mysqli. The first parameter goes to the first placeholder etc. What driver are you using? Have you tried this? Your columns shouldn't be quoted, they should be in backticks. – chris85 Sep 12 '16 at 12:36
  • Difference between `"` and `\`` makes this invalid SQL – Mark Baker Sep 12 '16 at 12:37
  • I am using PDO thanks for you responses! I understand how it works now, just in order :) – Frank Lucas Sep 12 '16 at 12:37
  • @MarkBaker I can't use `'` so how should I fix it? – Frank Lucas Sep 12 '16 at 12:38
  • Use backticks, not quotes at all (for tables/columns). The key to the left of the 1 (on most keyboard). `\`` Quotes are only for strings. – chris85 Sep 12 '16 at 12:38
  • (single quote) `'` !== `\`` (backtick) – Mark Baker Sep 12 '16 at 12:40
  • Take a look at http://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks. – chris85 Sep 12 '16 at 12:41
  • 1
    Or you could just omit them entirely, as there is no reason to escape the column names in your example... – Siyual Sep 12 '16 at 12:44
  • 1
    @FrankLucas Using back-ticks (`\``) to escape a table or column name should (in my opinion, at least) be reserved for when the table/column either has a space in the name, is a reserved keyword, or some other reason that makes it naively unable to be parsed by the sql compiler. But this is largely irrelevant to your actual question. – Siyual Sep 12 '16 at 12:47
  • I agree with @Siyual - using backticks (MySQL) or quotes (Oracle, PostgreSQL) or square brackets (MS SQL Server) is largely irrelevant here. – Boris Schegolev Sep 12 '16 at 13:16

0 Answers0