<?php
/*load the files*/
require_once "DB.php";
require_once "DB_Connect.php";
/*
* Here are some examples of usage.
* The table that we are working on has the following columns, with auto increment on id:
* id | username | password | real_name
*
*/
$db = new DB(); // create the DB object; every example below calls its methods
/*
* ######This class runs ONLY Parameterized SQL Queries#####
*/
/*
* WHAT IS PARAMETERIZED QUERY?
*
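* Roughly, in a parameterized query the structure of the query is separated from the parameters.
* It helps you improve:
* Security, since a value passed as a parameter is always treated as data and never as part of the SQL, so it cannot be used for SQL injection (text that you concatenate into the query string yourself is not protected),
* Performance, since parameterized queries are cached,
* Organization and maintenance, since the structure is separated from the data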
*
*
* How to prepare Parameterized Queries?
*
* Well, it is not that different. The only thing is that, instead of writing the variables inside the query,
* you put ? as a placeholder.
* NOTE: You can't put ? as a placeholder for a table name, a column name, SQL statements, etc.
* If one of those has to vary, pick it from a fixed list in your own code; never build it from user input.
*
* If you are confused, just look at the examples, it's easy.
*
*/
// A parameterized query: the LIMIT value is not written into the SQL, a ? stands in for it.
$query = 'SELECT * FROM users LIMIT ?';

// query() takes the SQL text as its 1st argument, then one value per ? placeholder.
// The call below is equal to: SELECT * FROM users LIMIT 10
$db->query($query, 10);

// Any number of placeholders is fine: pass one value per ?, in the same order as they appear.
// NOTE: matching the password inside the WHERE clause implies the column holds it as plaintext.
// That is acceptable for this demo table only; a real application stores the output of
// password_hash() and checks the submitted password with password_verify().
$db->query(
    'SELECT * FROM users WHERE username = ? AND password = ? AND real_name = ? LIMIT ?',
    'root',
    'thepassword',
    'smith',
    1
);

// Placeholders and fixed values can be mixed: only real_name is bound here, LIMIT 1 is fixed text.
$real_name = 'smith';
$db->query('SELECT * FROM users WHERE real_name = ? LIMIT 1', $real_name);

// query() returns the result of the query as an associative array.
$result = $db->query('SELECT * FROM users LIMIT ?', 10);
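?><pre><?php
// Output section of the demo: prints the result of each example inside a <pre> element.
//
// Two fixes compared with a naive dump:
//  * The full "<?php" open tag is used everywhere. The short open tag only runs when the
//    short_open_tag ini setting is enabled; with it disabled, the code after the tag is sent to
//    the browser as plain text instead of being executed.
//  * The two array dumps ($result and $db->log) are escaped with htmlspecialchars(), because rows
//    read from the database can hold user-supplied text that must not be interpreted as HTML.
?><br /><br />$result:<?php
// NOTE: SELECT * also returns the password column, so this dump belongs on a demo page only.
print(htmlspecialchars(print_r($result, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));

// The number of selected, inserted, deleted or updated rows of the last query is available
// as a property:
$number_rows_for_the_last_query = $db->num_rows;
?><br /><br />$number_rows_for_the_last_query:<?php
print($number_rows_for_the_last_query);

// OR run the query and get the number in one call:
$number_rows_for_the_query = $db->num_rows("SELECT * FROM users LIMIT ?", 10);
?><br /><br />$number_rows_for_the_query:<?php
print($number_rows_for_the_query);

// It works for insert, update and delete too.
// NOTE: 'qwerty' is stored as-is because this is demo data; a real application passes the output
// of password_hash() here and never the plaintext password.
$number_of_inserted_rows = $db->num_rows(
    "INSERT INTO users(id,username,password,real_name) VALUES(NULL,?,?,?)",
    'smith123',
    'qwerty',
    'smith john'
);
?><br /><br />$number_of_inserted_rows:<?php
print($number_of_inserted_rows);

// AND get the last insert id from the auto increment for the last query:
$last_insert_id = $db->insert_id;
?><br /><br />$last_insert_id:<?php
print($last_insert_id);

// OR run the query and get the last insert id directly:
$last_insert_id = $db->insert_id(
    "INSERT INTO users(id,username,password,real_name) VALUES(NULL,?,?,?)",
    'smith123',
    'qwerty',
    'smith john'
);
?><br /><br />$last_insert_id:<?php
print($last_insert_id . "<br />");

// And let's see what is in the log.
// NOTE(review): the log presumably records the queries that were run, possibly with their bound
// values (which here include passwords) - confirm in DB.php. Show it on a debug page only.
print(htmlspecialchars(print_r($db->log, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
?>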
</pre>
|