-2

I wanted to write a PHP script in which i had to execute INSERT query in MySQL database using prepared statement.

As i am a beginner in PHP, i had no idea how to do it. so I looked it up on Stackoverflow and found this How to create a secure mysql prepared statement in php? .

So i started doing it in same way as done in the accepted answer BUT in the answer, there are some methods used, like

  1. prepare to prepare the SELECT query

  2. bind_param to bind parameters to query

  3. close to close to $stmt

which are not suggested to me by Visual Studio Code when i try to use them. Also when i use these methods and hover the pointer over them, no documentation is shown by the Visual Studio Code which made me think whether these methods are available anymore or not.

Instead of prepare method, Visual Studio Code suggests odbc_prepare, instead of bind_param, it suggests mysqli_bind_param and instead of close, it suggests odbc_close.

I am using PHP 7.2

Question: Are methods like prepare, close, bind_param not available in PHP 7 and can i use the ones suggested to me by Visual Studio Code in place of these methods ?

sayan saha
  • 91
  • 2
  • 8
  • 1
    http://php.net/manual/en/book.pdo.php – jeprubio Dec 27 '17 at 23:40
  • *"Question: Are methods like prepare, close, bind_param not available in PHP 7 and can i use the ones suggested to me by Visual Studio Code in place of these methods ?"* - Why wouldn't they be available in php 7? Did you not go through the manual(s) at all before posting? – Funk Forty Niner Dec 28 '17 at 00:12
  • @FunkFortyNiner i did go through the documentation. According to _Gant's_ answer, `prepare` or `bind_param` can only be used with `mysqli` prefix but have a look at this [Prepared Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) where they have used `prepare` and `bind_param` methods with `mysqli` object. I am doing the same thing but `Visual Studio Code` is not suggesting these methods at all. –  Dec 28 '17 at 00:45
  • 1
    because VSC is not focused on php ! you are not gonna see suggests about everything just few functions and methods, there's some php IDEs out there that suggest way more. just google "PHP IDE" ( i personally use atom, it doesn't suggest 99% of php functions and no methods suggestions at all ! but still like it, clean and faster then VSC ) – azjezz Dec 28 '17 at 00:59

2 Answers2

1

Those function are not a standalone functions. They are methods of PDO objects. To learn more about PDO check this tutorial: PDO Tutorial

$pdo = new PDO();
$stmt = $pdo->prepare('SELECT * FROM users WHERE email = :email AND status=:status');
$stmt->execute(['email' => $email, 'status' => $status]);
$user = $stmt->fetch();
Cano64
  • 237
  • 1
  • 2
  • 8
0

You can only use these functions without an mysqli object in the procedural style with the mysqli_ prefix.

The object-orinted style is usually preferred however.

PHP.net has a comparison of the two approches.

Aurelia
  • 1,052
  • 6
  • 28
  • Have a look at [Prepared Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) where they have used these methods with `mysqli` object. When i use the object approach, these methods are not suggested, they are only suggested when using procedural approach. –  Dec 28 '17 at 00:46