使用PDO从MySQL数据库获取信息

Question

I'm trying to connect to a MySQL database using PHP (with PDO) but I'm not that familiar with PHP so I'm a little stuck. I'm trying to search one of my databases for all occurrences of $userid and then store the $crn associated with it in an array but I don't really know how to go about that. Here's what I have so far...

$sthandler = $conn->prepare('SELECT userid FROM users WHERE userid=' . $userid);
    $sthandler->execute(array('username'));

    if($sthandler->rowCount() > 0)
    {
        // User exists, get user's courses from database and returns array of CRNs
        for(int i = 0; i < rowCount; i++)
        {
            $sthandler = $conn->prepare('SELECT crn FROM usercourses WHERE userid=' . $userid);
            $sthandler->execute(array($USER => $crnArray));
        }            
    }

Answer 1

I advise you to check the documentation on PDO and PDOStatement for more detailed information.

I guess you're already connected to your database through PDO ? (else see PDO::__construct())

With a prepared query you better "bind" ($sthandler->bindParam()) your parameters instead of concatenating them, like so

$sthandler = $conn->prepare('SELECT userid FROM users WHERE userid= :user_id');
$sthandler->bindParam(':userid', $userid, PDO::PARAM_INT);

I don't quite understand the rest of your code though. Maybe isn't it complete. You make a loop on something that is supposed to always be a unique result (i hope for you, "userid" is a unique primary key).

If this loop is actually useless, then maybe you should consider making only 1 query to get both user and courses at the same time, by using a join between the tables :

SELECT u.userid, c.crn FROM users u INNER JOIN usercourses c ON u.userid = c.userid WHERE u.userid= :user_id

And from this result, get anything you want. Yes you will have duplicated data in your result (userid on each row of different courses), but it's still a better way than doing 2 seperate queries.

Consider using $sthandler->fetch() or $sthandler->fetchAll() to get every results and organize them into an array, as it suits you :

$rows = $sthandler->fetchAll(PDO::FETCH_ASSOC); // FETCH_ASSOC will return the results as array with columns' name as keys.
// Do your loop on the array $rows to process it

Or

while( $row = $sthandler->fetch(PDO::FETCH_ASSOC) ) {
     // do whatever you like with each row
}

Also take Darren's advice to wrap your PDO queries with try/catch to avoid any errors.

Answer 2

The point of PDO is to prevent concatenating the query string like you're currently doing. It's supposed to be used used to prepare the statements.

$sthandler = $conn->prepare('SELECT userid FROM users WHERE userid= :user_id');
if($sthandler->execute(array(':user_id' => $user_id))) {
    if($sthandler->rowCount() > 0)
    {
        // User exists, get user's courses from database and returns array of CRNs
        for(int $i = 0; $i < rowCount; $i++)
        {
            $sthandler = $conn->prepare('SELECT crn FROM usercourses WHERE userid= :user_id';
            $sthandler->execute(array(':user_id' => $user_id));
        }            
    }
}

You're trying to execute with random data in the arrays.

One more thing, you should wrap your queries in a try/catch statement, to handle any potential errors:

try {
    // run query and all
}
catch (PDOException $e){
    // echo out the error if there is one.
    echo $e->getMessage();
}

And the last note, while you're at it. You should explicitly turn on errors when constructing your PDO object!

$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);