Solved

Transitioning to PDO/MySQL.  Need help  with SELECT statement.

Posted on 2014-12-07
2
87 Views
Last Modified: 2014-12-07
How do I transition this select statement to PDO with PHP?

$result1 = mysql_query("SELECT * FROM `product_description`");
while($row1 = mysql_fetch_assoc($result1))
{


mysql_query("INSERT INTO `product_description` (`product_id`, `name`, `description`, short_description) VALUES ('".mysql_real_escape_string($row1['product_id'])."','".mysql_real_escape_string($row1['name'])."','".mysql_real_escape_string($row1['description'])."','".mysql_real_escape_string($row1['short_desc'])."')");


}

Open in new window

0
Comment
Question by:lawrence_dev
2 Comments
 
LVL 58

Accepted Solution

by:
Gary earned 500 total points
ID: 40485785
<?php
$database_name = "";
$username = "";
$password = "";

$conn = new PDO('mysql:host=localhost;dbname='.$database_name, $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Get rows
$result = $conn->query("SELECT * FROM `product_description`");

// Prepare the update sql
$do_update = $conn->prepare("INSERT INTO `product_description` (`product_id`, `name`, `description`, `short_description`)
VALUES (:product_id, :name, :description, :short_desc)");

while ($row = $result->fetch(PDO::FETCH_ASSOC)){
{

	// Execute the update for each row
	$do_update->execute(array(
		':product_id'	=>	$row['product_id'],
		':name'		=>	$row['name'],
		':description'	=>	$row['description'],
		':short_desc'	=>	$row['short_desc']
	));
}

Open in new window

0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40485869
Here's an article covering most of the aspects of the conversion.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html

In the case of the SELECT statement, there are no changes needed at all.  Things only change when you use external variables as part of the query.  The article explains why and shows a few ways of making the transition from direct variable injection (into the query string) and indirect injection via parameterized queries or placeholders.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now