What is oci_bind_by_name for? I read the PHP manual and cannot understand anything. Please, someone explain it to me.
Look at this example:
$name = "O'Reilly";
$stid = oci_parse($mycon, 'INSERT INTO CUSTOMERS (NAME) VALUES (:nm)');
oci_bind_by_name($stid, ':nm', $name, -1);
oci_execute($stid);
What is -1 for?
Any magically applied quotes will be written into your database because oci_bind_by_name() inserts data verbatim and does not remove quotes or escape characters. Note: If you bind a string to a CHAR column in a WHERE clause, remember that Oracle uses blank-padded comparison semantics for CHAR columns.
It binds values to named parameters:
$name = "O'Reilly";
$stid = oci_parse($mycon, 'INSERT INTO CUSTOMERS (NAME) VALUES (:nm)');
oci_bind_by_name($stid, ':nm', $name, -1);
oci_execute($stid);
So when you run that query, :nm will be O'Reilly. The -1 means the bound value should be as long as the variable. It's the default value. You don't have to set it. As long as you are only binding existing variables, you don't need to bother.
You want to use this method because
Binding allows the database to reuse the statement context and caches from previous executions of the statement, even if another user or process originally executed it. Binding reduces SQL Injection concerns because the data associated with a bind variable is never treated as part of the SQL statement. It does not need quoting or escaping.
which means it is more secure and has better performance.
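The following is an added example, not code from the question or the answer above. It puts the interpolated version of the INSERT next to the bound version, executes the bound statement twice to show the by-reference binding, and shows the one situation where the length argument is not optional: an OUT parameter, where PHP has to reserve space before Oracle writes into the variable. The connection string, credentials, the CUSTOMERS table with a NAME column, and the 100-byte OUT buffer are all assumptions.

```php
<?php
// Added example (not from the original question or answer): contrasts string
// interpolation with bind variables in PHP's OCI8 extension.
// Assumptions: a reachable Oracle database, a CUSTOMERS table with a
// VARCHAR2 NAME column, and placeholder credentials below.

$conn = oci_connect('USER_PLACEHOLDER', 'PASSWORD_PLACEHOLDER', 'localhost/XEPDB1');
if (!$conn) {
    $e = oci_error();
    trigger_error(htmlentities($e['message']), E_USER_ERROR);
}

$name = "O'Reilly";

// Unsafe: the value becomes part of the SQL text. The apostrophe in O'Reilly
// ends the string literal early, so the statement fails to parse; a value
// containing other SQL would change what the statement does. Never executed here.
$unsafeSql = "INSERT INTO CUSTOMERS (NAME) VALUES ('$name')";

// Safe: the SQL text contains only the placeholder :nm. The value travels to
// Oracle separately from the statement text and is never parsed as SQL, so it
// needs no quoting or escaping, and Oracle can reuse the cached parse of this
// exact statement text across executions.
$stid = oci_parse($conn, 'INSERT INTO CUSTOMERS (NAME) VALUES (:nm)');

// Fourth argument -1 (the default) means "use the current length of $name".
// The variable is bound by reference: its value is read at oci_execute().
oci_bind_by_name($stid, ':nm', $name, -1);
oci_execute($stid);

// Because the bind is by reference, the same parsed statement runs again with a
// new value and no re-parse.
$name = "Smith";
oci_execute($stid);

// Reading back with a bind in the WHERE clause. NAME is assumed VARCHAR2; with
// a CHAR column Oracle compares with blank padding, so a bound value without
// the trailing spaces would not match.
$sel = oci_parse($conn, 'SELECT NAME FROM CUSTOMERS WHERE NAME = :nm');
$lookup = "O'Reilly";
oci_bind_by_name($sel, ':nm', $lookup);   // length omitted: -1 is the default
oci_execute($sel);
while ($row = oci_fetch_assoc($sel)) {
    echo $row['NAME'], PHP_EOL;
}

// The length argument matters for an OUT parameter: $outName starts empty, so
// -1 would reserve zero bytes and the result would be truncated. 100 is an
// assumed upper bound for the returned value.
$plsql = oci_parse($conn, 'BEGIN :outName := UPPER(:inName); END;');
$inName  = "O'Reilly";
$outName = '';
oci_bind_by_name($plsql, ':inName', $inName);
oci_bind_by_name($plsql, ':outName', $outName, 100);
oci_execute($plsql);
echo $outName, PHP_EOL;   // O'REILLY

oci_free_statement($stid);
oci_free_statement($sel);
oci_free_statement($plsql);
oci_close($conn);
```

The unsafe string is built only to make the contrast visible; it is never passed to oci_parse(). Everything that reaches the database goes through a placeholder, which is what keeps the value out of the statement text regardless of the characters it contains.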