php - Learning SELECT FROM WHERE prepared statements

Question

Can someone re-write the below code as a prepared statement?

result = mysqli_query($con,"SELECT * FROM note_system WHERE note = '$cnote'") 
or die("Error: ".mysqli_error($con));

while($row = mysqli_fetch_array($result))
{
$nid = $row['id']; 

}

I am trying to learn prepared statements and am having trouble understanding how it works from the many examples I have found while searching. I am hoping that if I see some code I am familiar with re-written as a prepared statement that it might click for me. Please no PDO, that is too confusing for me at my current level of knowledge. Thanks.

Answer 1

Hello ButterDog let me walk you through PDO step by step.

Step 1)

create a file called connect.php (or what ever you want). This file will be required in each php file that requires database interactions.

Lets start also please note my comments :

?php

//We set up our database configuration
$username="xxxxx"; // Mysql username
$password="xxxxx"; // Mysql password


// Connect to server via PHP Data Object
$dbh = new PDO("mysql:host=xxxxx;dbname=xxxxx", $username, $password); // Construct the PDO variable using $dbh
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // Set attributes for error reporting very IMPORTANT!
$dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, FALSE); // Set this to false so you can allow the actual PDO driver to do all the work, further adding abstraction to your data interactions.
?>

Step 2) Require the connect.php please take a look :

require ('....../........./...../connect.php'); // Require the connect script that made your PDO variable $dbh

Step 3)

to start database interactions just do the following also please read the code comments. For the moment we will not worry about arrays! Get the full gyst of PDO then worry about making it easier to work with! With repetition the "long way" comes more understanding of the code. Do not cut corners to begin with, cut them once you understand what you are doing!

$query = $dbh->prepare("SELECT * FROM note_system WHERE note = :cnote"); // This will call the variable $dbh in the required file setting up your database connection and also preparing the query!

$query->bindParam(':cnote', $cnote); // This is the bread and butter of PDO named binding, this is one of the biggest selling points of PDO! Please remember that now this step will take what ever variable ($cnote) and relate that to (:cnote)

$query->execute(); // This will then take what ever $query is execute aka run a query against the database

$row = $query->fetch(PDO::FETCH_ASSOC); // Use a simple fetch and store the variables in a array

echo $row['yourvalue']; // This will take the variable above (which is a array) and call on 'yourvalue' and then echo it.

Thats all there is to PDO. Hope that helped!

Also take a look at this. That helped me so so much!

I also use this as a reference (sometimes) - The web site looks like crap but there is quality information on PDO on there. I also use this and I swear this is the last link! So after this any questions just ask, but hopefully this can turn into a little reference guide on PDO. (hopefully lol)