Danishan
Reputation: 65
Prepared Statements MYSQL to MYSQLI
How do i change the following outdated line of code into a prepared statement, i have attempted via reading some tutorials but i cant seem to comprehend?
$result = mysql_query("SELECT * from asset_records WHERE a_catagory LIKE '%Desktop%' GROUP BY a_make;") or die(mysql_error());
while($row = mysql_fetch_array( $result )) {
echo '<li>';
echo "<a href='index.php? sc1=Desktop & sc2=a_make & sc3=". $row['a_make'] ."'>";
echo ' <span> ' . $row['a_make'] . '</span></a></td></li>'; }
echo "</ul></li>";
Thanks
Upvotes: 1
Views: 50
Answers (2)
Daan
Reputation: 12236
For PDO (if you change your mind):
$conn = new PDO("mysql:host=your_host;dbname=your_db",$user,$pass);
$query = "SELECT * FROM asset_records WHERE a_category LIKE '%Desktop%' GROUP BY a_make";
$result = $connection->prepare($query);
$result->execute();
while($row = $result->fetch()) {
// DATA HERE
}
Upvotes: 0
Ohgodwhy
Reputation: 50777
Typically, prepared statements are used when user input is to be accepted.
In this case, you aren't accepting any user input and therefore a standard query is all you'll need, as there's no risk of SQL Injection.
$mysqli = new mysqli('host', 'user', 'pass', 'db');
$result = $mysqli->query("SELECT * from asset_records WHERE a_catagory LIKE '%Desktop%' GROUP BY a_make");
if($result):
while($row = $result->fetch_array(MYSQLI_ASSOC)):
echo '<li>';
echo "<a href='index.php? sc1=Desktop & sc2=a_make & sc3=". $row['a_make'] ."'>";
echo ' <span> ' . $row['a_make'] . '</span></a></td></li>'; }
echo "</ul></li>";
endwhile;
endif;
Upvotes: 3