SQLITE BABY STEPSSmall Steps for Huge Success

WTF is PDO?

• PHP Data Object

• An abstraction of your database driver

• An object you can use to talk to just about any

database

What can I do with PDO?

• Use prepared statements (the main subject of

this presentation)

• Prevent some SQL injection attacks

• Develop using SQLite, but run production with

MySQL or PostgreSQL

Creating/Connecting

• Instantiate the PDO object with a dsn

• Examples:

• $db = new PDO(‘sqlite::memory:’);

• $db = new

PDO(‘mysql:host=localhost;dbname=test’);

prepare, bind, execute, fetch

Most queries follow the same pattern:

• prepare() — $stmt = $db->prepare($sql);

• bind() — $stmt->bind(‘:input’, $variable);

• execute() — $stmt->execute();

• fetch() — $stmt->fetchAll(); or $stmt->fetch();

prepare

• Creates a prepared statement for execution

• Allows for inputs for the query that aren’t

available in code yet

• Great way to separate queries and data model

from implementation and usage

bind

• Binds the input in a prepared statement to the

pointer of a variable

• Variable does not have to be defined

• Not required

execute

• Executes the prepared statement on the

database

• Returns true if it passes, false if it fails

• Can take an array of input parameters to be

used with the prepared statement

fetch(all)

• Fetches the results

• fetch() and fetchAll() are two ways to fetch

results

• Is a cursor and can be iterated over

• Takes a fetch type as an input,

PDO::FETCH_ASSOC is my favorite

–Bruce Buffer

“It’s time!!!”

What’re we going to do?

Questions?

References

• github project — https://github.com/wscoble/phpug-

pdo101

• twitter — twitter.com/lvcodesmith

• google+ — plus.google.com/+ScottScoble

• LinkedIn — linkedin.com/in/scottscoble