开发者

what is oci_bind_by_name for?

what is oci_bind_by_name for? I read the php manual and cannot understand anything. Please someone explain it to me

look at this example :

$name = "O'Reilly";
$stid = oci_parse($mycon, 'INSERT INTO CUSTOMERS (NAME) VALUES (:nm)');
oci_bind_by_name($sti开发者_运维知识库d, ':nm', $name, -1);
oci_execute($stid);

what is -1 for?


It binds values to named parameters:

$name = "O'Reilly";
$stid = oci_parse($mycon, 'INSERT INTO CUSTOMERS (NAME) VALUES (:nm)');
oci_bind_by_name($stid, ':nm', $name, -1);
oci_execute($stid);

So when you run that query :nm will be O'Reilly. The -1 means, the bound value should be as long as the variable. It's the default value. You don't have to set it. As long as you are only binding existing variables, you don't need to bother.

You want to use this method because

Binding allows the database to reuse the statement context and caches from previous executions of the statement, even if another user or process originally executed it. Binding reduces SQL Injection concerns because the data associated with a bind variable is never treated as part of the SQL statement. It does not need quoting or escaping.

which means it is more secure and has better performance.


oci_bind_by_name method is specifying that the value for :nm is "O'Reilly" -1 is default value ... so need to bother. if you are specifying other value that will tell the method to have the length of the value in :nm.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜