1

I'm learning about parameterization and I see some queries use this notation :varname in the query being prepared and then binding like so: bindParam(':varname', $varvalue).

Then I see some where they just use ? in the query being prepared and then something like: bindParams('sd', $stringvalue, $doublevalue).

It seems like the latter version is, at least to some degree, "safer" since it forces/checks the types (strings/doubles/integers/blob). However, I like the first notation better and it might work better for some of the abstract things I'm doing since the question marks won't always be in an obvious order / position.

Any middle ground or is it one or the other?

Matthew
  • 15,282
  • 27
  • 88
  • 123

1 Answers1

0

You can't use both methods at the same time, because one is tied to the MYSQLi class and the other to the PDO class, which are two different things.

http://php.net/manual/de/mysqli-stmt.bind-param.php

http://de2.php.net/manual/en/pdostatement.bindparam.php

The first notation, which you are prefering, can only be used, when you connect to your database through the PDO class. And as you can see in the linked sites: It is possible to designate a data typ with this method too...

bekay
  • 1,800
  • 1
  • 12
  • 15