[PHP-DB] Prepared Statements

2011-11-11 Thread Ron Piggott 

I have two questions about Prepared Statements from the code below:

#1:
The purpose of the first $query is to determine if the authorization code 
supplied is both accurate and also live
- When the authorization code is generated it is given a time frame when it 
must be used in.  The columns `start_date` and  `end_date` are both DATETIME.  
This is why I am using NOW() to check the “shelf life”.

My question: Is there a better way to confirm the record was found than using:

if ( $row['authorization_code'] == $authorization_code ) {

In another way of executing a mySQL database query using PHP I can count the # 
rows the result brought with the command “mysql_numrows”.  I don’t know how to 
do this in Prepared Statements.  I wonder if comparing the # of rows found is a 
better method? or what other programmers are using?

#2:
How can I tell if the UPDATE $query executed successfully?  I am wanting to do 
something like: 

echo “Update Successful – No changes were required during this review”; 

if the UPDATE is successful --- otherwise I need to direct the user to try 
again with a different message:

echo “Update was unsuccessful – Follow this link to try again”;



I am still getting use to Prepared Statements, this is why I am asking these 
questions --- Thank you for helping me.  Ron

===

?php

$dsh = 'mysql:host=localhost;dbname='.$database; 
$dbh = new PDO($dsh, $username, $password); 

#query for the authorization code

$query = SELECT `authorization_code` FROM 
`directory_listing_update_authorizations` WHERE NOW() BETWEEN `start_date` AND 
`end_date` AND `authorization_code` = :authorization_code AND 
`directory_entries_reference` = :directory_entries_reference LIMIT 1;;

$stmt = $dbh-prepare($query);

$stmt-bindValue(':directory_entries_reference', $directory_entries_reference, 
PDO::PARAM_STR);
$stmt-bindValue(':authorization_code', $authorization_code, PDO::PARAM_STR);

$stmt-execute() or die(print_r($stmt-errorInfo(), true));

while ($row = $stmt-fetch()) {

if ( $row['authorization_code'] == $authorization_code ) {

#update directory_entries.last_review with today's date

$query = UPDATE `directory_entries` SET `last_review` = NOW() WHERE 
`reference` = :directory_entries_reference LIMIT 1;;

$stmt = $dbh-prepare($query);

$stmt-bindValue(':directory_entries_reference', 
$directory_entries_reference, PDO::PARAM_STR);

$stmt-execute() or die(print_r($stmt-errorInfo(), true));

} else {

#failure, direct user to request new authorization code or login 
manually

}

}

www.TheVerseOfTheDay.info

Re: [PHP-DB] Prepared Statements

2011-11-11 Thread Matijn Woudt 
On Fri, Nov 11, 2011 at 5:41 PM, Ron Piggott
ron.pigg...@actsministries.org wrote:

 I have two questions about Prepared Statements from the code below:

 #1:
 The purpose of the first $query is to determine if the authorization code 
 supplied is both accurate and also live
 - When the authorization code is generated it is given a time frame when it 
 must be used in.  The columns `start_date` and  `end_date` are both DATETIME. 
  This is why I am using NOW() to check the “shelf life”.

 My question: Is there a better way to confirm the record was found than using:

 if ( $row['authorization_code'] == $authorization_code ) {

This check doesn't make sense, since you're SQL query already checks
this, and won't return rows where $row['authorization_code'] !=
$authorization_code


 In another way of executing a mySQL database query using PHP I can count the 
 # rows the result brought with the command “mysql_numrows”.  I don’t know how 
 to do this in Prepared Statements.  I wonder if comparing the # of rows found 
 is a better method? or what other programmers are using?

$stmt-rowCount(); will return the number of rows. I would recommend
this way of checking.


 #2:
 How can I tell if the UPDATE $query executed successfully?  I am wanting to 
 do something like:

 echo “Update Successful – No changes were required during this review”;

 if the UPDATE is successful --- otherwise I need to direct the user to try 
 again with a different message:

 echo “Update was unsuccessful – Follow this link to try again”;

$stmt-execute() will return either true or false, depending on if the
query was successfully executed. Currently, you're code will print an
error with some error info and terminate the script. You're probably
looking for something like this:
if($stmt-execute()) {
echo “Update Successful – No changes were required during this review”;
} else {
 echo “Update was unsuccessful – Follow this link to try again”;
}




 I am still getting use to Prepared Statements, this is why I am asking these 
 questions --- Thank you for helping me.  Ron

Hope this helps you out. Feel free to ask for more help.

Matijn

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php