Reputation: 2249
what is oci_bind_by_name for?
what is oci_bind_by_name for? I read the php manual and cannot understand anything. Please someone explain it to me
look at this example :
$name = "O'Reilly";
$stid = oci_parse($mycon, 'INSERT INTO CUSTOMERS (NAME) VALUES (:nm)');
oci_bind_by_name($stid, ':nm', $name, -1);
oci_execute($stid);
what is -1 for?
Upvotes: 7
Views: 7371
Answers (2)
Reputation: 316969
It binds values to named parameters:
$name = "O'Reilly";
$stid = oci_parse($mycon, 'INSERT INTO CUSTOMERS (NAME) VALUES (:nm)');
oci_bind_by_name($stid, ':nm', $name, -1);
oci_execute($stid);
So when you run that query :nm will be O'Reilly. The -1 means, the bound value should be as long as the variable. It's the default value. You don't have to set it. As long as you are only binding existing variables, you don't need to bother.
You want to use this method because
Binding allows the database to reuse the statement context and caches from previous executions of the statement, even if another user or process originally executed it. Binding reduces SQL Injection concerns because the data associated with a bind variable is never treated as part of the SQL statement. It does not need quoting or escaping.
which means it is more secure and has better performance.
Upvotes: 12
Reputation: 173
oci_bind_by_name method is specifying that the value for :nm is "O'Reilly" -1 is default value ... so need to bother. if you are specifying other value that will tell the method to have the length of the value in :nm.
Upvotes: 1
Related Questions
- oci_bind_by_name(): ORA-01036
- why oci_bind_by_name not working if inside oracle function
- Abnormal behaviour in OCI_BIND_BY_NAME
- oci_bind_by_name not working when unescaped works
- oci_bind_by_name() returns error
- php7, references and oci_bind_by_name
- oci_bind_by_name and to_date PHP/OCI/Oracle
- PHP OCI_BIND_BY_NAME NOT WORKING
- oci_bind_by_name RETURNING INTO truncates value
- Why is PHP's OCI8/Oracle oci_bind_array_by_name not working for me?