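// Build an optional-filter search over `users` from query-string input.
// Every user-supplied value travels as a bound parameter; only the fixed
// condition fragments below are ever concatenated into the SQL text.
$conditions = [];
$parameters = [];

// conditional statements
// is_string() rejects array-shaped input such as ?name[]=x, which would
// otherwise be concatenated as the text "Array" with a warning.
if (!empty($_GET['name']) && is_string($_GET['name']))
{
    // here we are using LIKE with wildcard search
    // use it ONLY if really need it
    // NOTE: binding prevents SQL injection, but % and _ inside the submitted
    // value still act as LIKE wildcards. Escape them, for example with
    // addcslashes($value, '%_\\'), if a literal substring match is intended.
    $conditions[] = 'name LIKE ?';
    $parameters[] = '%' . $_GET['name'] . '%';
}
if (!empty($_GET['age']) && is_string($_GET['age']))
{
    // here we are using equality
    $conditions[] = 'age = ?';
    $parameters[] = $_GET['age'];
}

$sql = "SELECT * FROM users";
// append the WHERE clause only when at least one filter was supplied
if ($conditions)
{
    $sql .= " WHERE " . implode(" AND ", $conditions);
}

// the usual prepare/bind/execute/fetch routine
$stmt = $mysqli->prepare($sql);
// bind_param() needs at least one variable, so it is skipped when no filter
// was supplied; the unfiltered SELECT then runs with nothing bound.
if ($parameters)
{
    $stmt->bind_param(str_repeat("s", count($parameters)), ...$parameters);
}
$stmt->execute();
$b = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);

// print_r() writes the stored values unescaped: acceptable as a debug dump,
// but HTML-escape each value before rendering rows into a page.
if ($b) {
    print_r($b);
} else {
    echo "0 results";
}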
// Fixed lookup with no request data in the SQL text, so a plain query() is
// acceptable here. Switch to prepare()/bind_param() as soon as the name comes
// from user input.
$b = $conn
    ->query("SELECT * FROM users WHERE name = 'alex'")
    ->fetch_all(MYSQLI_ASSOC);

// An empty result set is reported as text; otherwise the rows are dumped as-is.
if (!$b) {
    echo '0 results';
} else {
    print_r($b);
}
-- All columns of actions rows that have a matching actions_books row
-- (a.id = ab.aid) for one book; the book id is supplied as a bound parameter.
SELECT a.*
FROM actions AS a
INNER JOIN actions_books AS ab ON a.id = ab.aid
WHERE ab.book_id = ?
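// Make mysqli raise mysqli_sql_exception on errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$link = mysqli_connect($host, $login, $password, $database_name);

// Accept only a non-empty string; array-shaped input (id[]=x) is ignored
// rather than being echoed and bound as the text "Array".
if (!empty($_POST['id']) && is_string($_POST['id'])) {
    // The value is request-controlled and PHP serves text/html by default,
    // so it is HTML-escaped before being reflected back to the client.
    echo 'Вы ввели ' . htmlspecialchars($_POST['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // The raw (unescaped) value goes to the database as a bound parameter:
    // HTML escaping is an output concern and must not be stored.
    $stmt = $link->prepare("INSERT INTO `single` (`id`) VALUES (?)");
    $stmt->bind_param("s", $_POST['id']);
    $stmt->execute();
}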
/**
 * Insert one row holding the given title and return the generated id.
 *
 * Works on the global handle $DB. The title is sent as a bound string
 * parameter and is never concatenated into the SQL text.
 *
 * NOTE(review): `table` looks like a placeholder name; it is a reserved word
 * in MySQL and would need backticks if used literally.
 *
 * @param array $data Input row; the 'title' key is read.
 * @return mixed Value of $DB->insert_id after the statement has run.
 */
function AddTable($data)
{
    global $DB;

    $insert = $DB->prepare('INSERT INTO table (title) VALUES (?)');
    $insert->bind_param('s', $data['title']);
    $insert->execute();

    return $DB->insert_id;
}
// Open the MySQL connection and keep it on the static property self::$cont.
// ERRMODE_EXCEPTION makes PDO throw PDOException on failure, so errors cannot
// pass unnoticed.
// NOTE(review): the DSN sets no charset and PDO::ATTR_EMULATE_PREPARES is left
// at the driver default; confirm both are intended for this connection.
$dsn = "mysql:host=" . self::$dbHost . ";dbname=" . self::$dbName;
$options = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION];
self::$cont = new PDO($dsn, self::$dbUsername, self::$dbUserPassword, $options);
// Registration pre-check: look for an existing account with this login.
// The login is passed as a bound parameter, not concatenated into the SQL.
$sql = 'SELECT * FROM users WHERE login=?';
$query = $pdo->prepare($sql);
$query->execute([$login]);
$user = $query->fetch();

// fetch() yields false when no row matched.
if (!$user) {
    // your insert code goes here
    // NOTE(review): two concurrent requests can both reach this branch; a
    // UNIQUE index on users.login is what actually prevents duplicates.
    // Confirm one exists.
} else {
    // show the error "this user is already registered"
}
// Named-placeholder variant: the value is attached to :col as a string
// parameter and the statement is then executed with nothing inlined in the SQL.
$sth = $dbh->prepare('SELECT * FROM table WHERE col = :col');
$sth->bindValue(':col', $col, PDO::PARAM_STR);
$sth->execute();