Reputation: 63
I have seen MySQL code that looks like this:
select * from customer
where name = :name;
In MySQL, using colons in front of the value is not permitted; my assumption is that the query is provided with a colon to bind it with PHP functions.
What I am looking for is which function is used to bind the queries with colons?
So far I have checked mysqli_stmt_bind_param, but the mechanism used to replace the parameter with a value is a question mark and not a colon.
Upvotes: 0
Views: 2162
Reputation: 11375
You're correct with the binding, but there are two ways;
? - a simple placeholder, which you would bind with numerical indexes. For example:
$sql = "INSERT INTO `foo` (`bar`,`baz`) VALUES (?, ?)";
$smt = $pdo->prepare($sql);
$smt->bindParam(1, $bar);
$smt->bindParam(2, $baz);
// ...
:foo - a simple placeholder, which you would bind with a string index. For example:
$sql = "INSERT INTO `foo` (`bar`,`baz`) VALUES (:bar, :baz)";
$smt = $pdo->prepare($sql);
$smt->bindParam(':bar', $bar);
$smt->bindParam(':baz', $baz);
// ...
There are two database APIs available that involve binding;
You can see this article by "Use the Index, Luke" to see how binding is actually done.
Upvotes: 1
Reputation: 3034
Here is an example taken from php.net:
<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < :calories AND colour = :colour');
$sth->bindParam(':calories', $calories, PDO::PARAM_INT);
$sth->bindParam(':colour', $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>
You should try searching on Google before asking here, as this is a simple function call.
For more details, please check: http://php.net/manual/en/pdostatement.bindparam.php
Upvotes: 0
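The two placeholder styles from the answers, applied to the question's customer query, as an added example that is not part of the original posts. It assumes PDO with the SQLite driver (an in-memory stand-in for MySQL so it runs offline), a constructed customer table, and hypothetical helper names findByName and findByNamePositional.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so this runs offline;
// the customer table and its rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// With the MySQL driver, PDO emulates prepared statements by default and
// substitutes the values itself. Turning emulation off makes PDO rewrite
// :name to ? and send a real server-side prepared statement:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO customer (name) VALUES ('alice'), ('bob')");

// Named placeholder, exactly as in the question's query.
function findByName(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT * FROM customer WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR); // value is copied at bind time
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Positional placeholder: same query, values matched by position.
function findByNamePositional(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT * FROM customer WHERE name = ?');
    $stmt->execute([$name]); // array order maps to the ? markers
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

var_dump(findByName($pdo, 'alice'));
var_dump(findByNamePositional($pdo, 'bob'));

// A value containing quote characters is compared as one literal string,
// so it cannot alter the WHERE clause the way string concatenation would.
var_dump(findByName($pdo, "x' OR '1'='1"));

// bindParam() binds the variable by reference: the value is read when
// execute() runs, not when bindParam() is called.
$stmt = $pdo->prepare('SELECT COUNT(*) FROM customer WHERE name = :name');
$name = 'alice';
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
$name = 'nobody'; // changed after binding, before execute()
$stmt->execute();
var_dump((int) $stmt->fetchColumn());
```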