PHP PDO (PHP Data Objects) to connect to a MySQL database and perform a query

In this example, we first define the database connection details and then create a PDO object to connect to the database. We also set the ATTR_ERRMODE attribute to ERRMODE_EXCEPTION so that PDO will throw exceptions if there are any errors.

Next, we prepare and execute a SELECT query using a prepared statement, passing in the value 1 as the parameter for the id column. We then fetch all the results using fetchAll() and store them in the $result variable.

Finally, we loop through the results and display them on the screen. Note that this is a very simple example, and you should always sanitize user input and use parameterized queries to prevent SQL injection attacks.

 
// Define database connection details
$host = "localhost";
$dbname = "mydatabase";
$username = "myusername";
$password = "mypassword";

// Create a PDO object to connect to the database
try {
    $pdo = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
    die("Error connecting to database: " . $e->getMessage());
}

// Prepare and execute a SELECT query
try {
    $stmt = $pdo->prepare("SELECT * FROM mytable WHERE id = ?");
    $stmt->execute(array(1));
    $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch(PDOException $e) {
    die("Error executing query: " . $e->getMessage());
}

// Loop through the results and display them
foreach($result as $row) {
    echo "ID: " . $row['id'] . "";
    echo "Name: " . $row['name'] . "";
    echo "Email: " . $row['email'] . "";
}
?>

Here's an example of how to retrieve results from a PDO query as an object, and how to sanitize user input using parameterized queries

In this example, we first create a PDO object to connect to the database, as we did in the previous example.

We then prepare and execute a SELECT query using a parameterized query, which uses the :id placeholder to represent the value of the id column in the mytable table. We bind the value of the $id variable to the placeholder using bindParam(), which helps to sanitize the user input by preventing SQL injection attacks.

We retrieve the results of the query as objects using the FETCH_OBJ option for the fetchAll() method, which allows us to access the result fields using object properties, as we did in the foreach loop.

To sanitize user input when inserting records into the database, we use parameterized queries and bind the values of the $name and $email variables to the :name and :email placeholders, respectively. We again use the bindParam() method to ensure that the values are properly sanitized and prevent SQL injection attacks.

Note that the PDO::PARAM_STR constant is used to indicate that the parameter should be treated as a string, which is appropriate for the name and email fields. If you were binding an integer value, for example, you would use the PDO::PARAM_INT constant instead.

 
// Define database connection details
$host = "localhost";
$dbname = "mydatabase";
$username = "myusername";
$password = "mypassword";

// Create a PDO object to connect to the database
try {
    $pdo = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
    die("Error connecting to database: " . $e->getMessage());
}

// Prepare and execute a SELECT query using a parameterized query
try {
    $stmt = $pdo->prepare("SELECT * FROM mytable WHERE id = :id");
    $stmt->bindParam(':id', $id, PDO::PARAM_INT);
    $id = 1;
    $stmt->execute();
    $result = $stmt->fetchAll(PDO::FETCH_OBJ);
} catch(PDOException $e) {
    die("Error executing query: " . $e->getMessage());
}

// Loop through the results and display them
foreach($result as $row) {
    echo "ID: " . $row->id . "";
    echo "Name: " . $row->name . "";
    echo "Email: " . $row->email . "";
}

// Sanitize user input using parameterized queries
$name = $_POST['name'];
$email = $_POST['email'];

try {
    $stmt = $pdo->prepare("INSERT INTO mytable (name, email) VALUES (:name, :email)");
    $stmt->bindParam(':name', $name, PDO::PARAM_STR);
    $stmt->bindParam(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    echo "Record inserted successfully.";
} catch(PDOException $e) {
    die("Error executing query: " . $e->getMessage());
}
?>

Popular Posts
Recent Posts
Vue.js Tutorial: Dynamic Class Binding and Event Handling
Vue.js Tutorial: Dynamic...
13 Oct, 2024
Understanding Vue.js Basic Data Binding: A Step-by-Step Tutorial
Understanding Vue.js...
08 Oct, 2024
Understanding useState in React
Understanding useState...
22 Jan, 2024
Performing a Case-Insensitive String Comparison in Javascript
Performing a Case-Insensitive...
20 Jan, 2024
Categories
javascript( 52 ) php( 32 ) vue( 3 ) Laravel( 1 ) react( 1 )