-1

What exactly does bindValue do in php? I have managed without, but I should have used it, why is it absolutely necessary?

Example:

$sth->bindValue(':id', $id, PDO::PARAM_INT);
Álvaro González
  • 142,137
  • 41
  • 261
  • 360
ceejayz
  • 3
  • 1
  • Does this answer your question? [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Progman Apr 05 '23 at 16:58
  • It is not absolutely necessary. You probably only need it to bind out variables in database engines that support them (e.g. Oracle), for regular prepared statements it's mostly syntactic salt, you can just pass an array with all parameters when executing the query. – Álvaro González Apr 05 '23 at 18:29

1 Answers1

0

bindValue binds a value to a named placeholder in a SQL statement, it's better to use this form for perfomance and security, also with this method you can tell what type of data is expected. So in your exemple, you're saying that "$id" is the value of ":id" et the data type expected is a INT.

src: https://www.php.net/manual/en/pdostatement.bindvalue.php#:~:text=Description%20¶&text=Binds%20a%20value%20to%20a%20corresponding%20named%20or%20question%20mark,used%20to%20prepare%20the%20statement.

Nowbowdy
  • 36
  • 3