Navigation:  Advantage Developer's Guide > Part III - Accessing Advantage Data > Chapter 19 - ODBC, PHP, DBI/Perl >

     Using Parameterized Queries in PHP

Advantage Database Server v8.1: A Developer’s Guide

by Cary Jensen and Loy Anderson

  © 2007 Cary Jensen and Loy Anderson. All rights reserved.

Previous pageReturn to chapter overviewNext page

Once you have established a connection, you invoke the ads_prepare function to prepare a parameterized query. This function takes two parameters. The first parameter is the connection resource obtained by calling ads_connect, and the second is a string containing the parameterized query.

Once you have prepared your parameterized query, you bind the parameters and execute the query by calling ads_execute. This function takes two parameters: the handle of the prepared statement returned from the ads_prepare function, and an array of values to bind to the parameters, based on their ordinal position within the query.

The execution of a parameterized query is demonstrated in the following listing, which contains the PHP statements from the getcustomer.php file:

$rConn = ads_connect( "DataDirectory=\\\\server\\share\\".
 "adsuser", "password" );
$rStmt = ads_prepare( $rConn, "SELECT * FROM customer ".
 "WHERE [Customer ID] = ?" );
$aParams = array( 1 => $_GET[ "custnumber" ] );
$rResult = ads_execute( $rStmt, $aParams );
if ( ads_fetch_row( $rStmt ) )
  $strFirstName = ads_result( $rStmt, "First Name" );
  $strLastName = ads_result( $rStmt, "Last Name" );
  $strAddress = ads_result( $rStmt, "Address" );
  echo "Name: " . $strFirstName . " " .
    $strLastName . "<br>";
  echo "Address: " . $strAddress . "<br>";
  echo "Invalid Customer Number! <br>";
ads_close( $rConn );

As you can see, once the connection is established, and the parameterized query is prepared, a single element array is constructed from the custnumber value passed in the query string of this HTTP GET request (if you used a POST action, you would have read this value using the $_POST PHP function). The query is then executed.

Following the execution of the query, ads_fetch_row is called to retrieve one record from the result set. Individual fields of this record are read using the ads_result function.

If you enter customer number 12037 in the Customer Number field of the Get a customer record HTML form of index.htm and click Submit, your browser will display the page shown in Figure 19-4.


Figure 19-4: Result from the parameterized query example