PDO with INSERT INTO through prepared statements

You should be using it like so

<?php
$dbhost = 'localhost';
$dbname = 'pdo';
$dbusername = 'root';
$dbpassword = '845625';

$link = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbusername, $dbpassword);

$statement = $link->prepare('INSERT INTO testtable (name, lastname, age)
    VALUES (:fname, :sname, :age)');

$statement->execute([
    'fname' => 'Bob',
    'sname' => 'Desaunois',
    'age' => '18',
]);

Prepared statements are used to sanitize your input, and to do that you can use :foo without any single quotes within the SQL to bind variables, and then in the execute() function you pass in an associative array of the variables you defined in the SQL statement.

You may also use ? instead of :foo and then pass in an array of just the values to input like so;

$statement = $link->prepare('INSERT INTO testtable (name, lastname, age)
    VALUES (?, ?, ?)');

$statement->execute(['Bob', 'Desaunois', '18']);

Both ways have their advantages and disadvantages. I personally prefer to bind the parameter names as it’s easier for me to read.

Related Posts:

  1. PDOException SQLSTATE[HY000] [2002] No such file or directory
  2. PDOException SQLSTATE[HY000] [2002] No such file or directory
  3. PDO bindParam() with prepared statement isn’t working
  4. Creating a search form in PHP to search a database?
  5. How can I do ‘insert if not exists’ in MySQL?
  6. Commands out of sync; you can’t run this command now
  7. SQLSTATE[HY093]: Invalid parameter number: parameter was not defined
  8. How can I do ‘insert if not exists’ in MySQL?
  9. SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax — PHP — PDO [duplicate]
  10. Call to a member function on null?
  11. SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens on line 102
  12. ERROR: SQLSTATE[HY000] [2002] No connection could be made because the target machine actively refused it
  13. What is the advantage of using try {} catch {} versus if {} else {}
  14. Deprecated: mysql_query() [duplicate]
  15. Fatal error: Call to a member function query() on null
  16. How to log in to phpMyAdmin with WAMP, what is the username and password?
  17. Should I use mysqli_real_escape string() or mysql_real_escape_string() for form data?
  18. Fatal error: Call to undefined function mysql_connect()
  19. http://localhost:80 is not working on running Apache server through UniServer ZeroXIII
  20. Mysql query- How to use contains?
  21. Data source name not found, and no default driver specified
  22. mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in
  23. Invalid column count in CSV input on line 1 Error
  24. PHP Connection failed: SQLSTATE[HY000] [2002] Connection refused
  25. Invalid column count in CSV input on line 1 Error
  26. PHP Connection failed: SQLSTATE[HY000] [2002] Connection refused
  27. $wpdb->update or $wpdb->insert results in slashes being added in front of quotes
  28. phpMyAdmin: secret passphrase?
  29. Forbidden :You don’t have permission to access /phpmyadmin on this server
  30. Fatal error: Call to a member function bind_param() on boolean [duplicate]
  31. pdo – Call to a member function prepare() on a non-object
  32. MySqli Commands out of sync; you can’t run this command now
  33. Trying to get property of non-object in
  34. Fix Access denied for user ‘root’@’localhost’ for phpMyAdmin
  35. Getting connection failed: php_network_getaddresses: getaddrinfo failed: Name or service not known
  36. Lost connection to MySQL server at ‘reading initial communication packet’, system error: 0
  37. Cannot simply use PostgreSQL table name (“relation does not exist”)
  38. Are PDO prepared statements sufficient to prevent SQL injection?
  39. PDO closing connection
  40. PHP with MySQL 8.0+ error: The server requested authentication method unknown to the client
  41. How can I prevent SQL injection in PHP?
  42. Object of class DateTime could not be converted to string
  43. What does it mean to escape a string?
  44. Convert from MySQL datetime to another format with PHP
  45. MAMP “Apache couldn’t be started because port is in use.” AND “Can’t connect to local MySQL server through /tmp/mysql.sock
  46. mysqli::query(): Couldn’t fetch mysqli
  47. Unexpected Exception: SQLSTATE[HY000] [1045] Access denied for user ****@’localhost’ (using password: YES)
  48. Uncaught Error: Call to undefined function mysql_escape_string()
  49. Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in
  50. Warning: mysqli_query() expects parameter 1 to be mysqli, resource given
  51. MySQL query to get column names?
  52. What does MYSQLI_NUM mean and do?
  53. Mysql where id is in array
  54. select * from table where column = value ^ column2= value
  55. No query results for model [App\Products] Laravel
  56. mysqlworkbench giving version error on exporting database
  57. How to make DROP INDEX IF EXISTS for mysql?
  58. What is the meaning of sprintf(): Too few arguments
  59. Having a problem getting mysqli_query to execute
  60. CodeIgniter: Unable to connect to your database server using the provided settings Error Message
  61. Can I store images in MySQL 
  62. MySQL Daemon Failed to Start – centos 6
  63. How to insert TIMESTAMP into my MySQL table?
  64. How to remove index.php from WordPress site URL
  65. PHP Like thing similar to MySQL Like, for if statement?
  66. How get value from URL
  67. How to use Memcached with PHP7?
  68. select count(*) from table of mysql in php
  69. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ””)’ at line 2
  70. Transaction when using WP functions rather than vanilla SQL?
  71. How to get the list of WooCommerce product image of a certain category from database?
  72. How to make WordPress plugin check for database changes and then do something?
  73. How to Join two tables from separate databases within WordPress
  74. Would manually deleting the dumping data fix a “#1062 – Duplicate entry ‘1’ for key ‘PRIMARY'” phpMyAdmin error?
  75. register_activation_hook isn’t adding table to DB
  76. What SQL / WordPress queries would need a nonce?
  77. Importing Geo data into wordpress database
  78. WP_Query adds “(wp_posts.ID = ‘0’)” so no results are returned
  79. $wpdb->insert() does not Insert record in a table
  80. Use $wpdb or other PHP script method to find/replace in WP database
  81. How can I add a new row in a separate database when someone registers via WordPress?
  82. Pull MySQL data from multiple tables and merge into 1 PHP array
  83. Use variable in SQL statement
  84. mySQL queries are executed twice on wordpress website
  85. making php value numeric
  86. Database SQL query error
  87. How to run complex query using PHP
  88. How to get database connection details without longing to cpanel in WordPress?
  89. Inserting other fields to existing registration form in a WordPress theme
  90. SQL Query Search page
  91. can’t delete a row from post_meta table
  92. Conditional statement within WP SQL query
  93. MySQL: Invalid use of group function
  94. Mixing a PHP variable with a string literal
  95. php_network_getaddresses: getaddrinfo failed: Name or service not known (0) Failed To Connect..!
  96. Composer: Command Not Found
  97. Why won’t this wpdb get_results query return results?
  98. Display a number value from mysql query in WP
  99. Prepared DB Query from _POST array
  100. Possible SQL injection. How to locate and fix?

Leave a Comment