PHP - Long PDO Prepared Statement

I'm working with PDO for the first time and have a couple of questions I haven't been able to phrase correctly on Google to return any good answers.  Hoping someone here can help.

1.  Some of my statments are really long - for example:  $insertCustomer = $db->prepare(INSERT INTO CUSTOMERS (FirstName, MiddleName, LastName, Address, Address2, City, State, Zip, Phone, Email, DriversLicense, Birthday,Notes, EmergencyContact, EmergencyPhone, isCurrent, StartDate, PriceLevel, CanUseML, GetDiscount, CCW2, CCW) - when I add the values this makes for a very long line.  Is there away to do this multi-line for easier readability?

2. I'm putting my prepared statments in my config.php file, along with my database connection string - like this:
        $database = "mydb";
	$username = "myusername";
	$password = "mypassword";
	$db = new PDO("mysql:host=localhost;dbname=$database", $username, $password);
	// CUSTOMER PREPARED STATMENT (all Prepared statments the rest of the file)
	$insertCustomer = $db->prepare

Open in new window

Is this the correct way to use prepared statements in PDO?  

Thanks for your help!!!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ray PaseurCommented:
SQL queries are string variables.  You can safely list them on multiple lines.  The HEREDOC notation is useful for this.

Details of the right way to use prepared statements in PDO are given in this article.  It maps the familiar but obsolete MySQL extension to the modern supported extensions.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
F PCommented:
Remember when binding parameters, or using PDO in general with prepared statements, you're going to pass your SQL and variables with values separately to the class for it to handle and do what it needs before you execute the statement to return your result set. Your result set variable will have all the records returned into an object, array or standard class object, for you to iterate through. I like to use the ? over the :name style, but either works. After you've created the $db instance, you'd do something like this for an insert:

$stmt = $dbh->prepare("INSERT INTO REGISTRY (name, value) VALUES (?, ?)");
$stmt->bindParam(1, $name);
$stmt->bindParam(2, $value);

// insert one row
$name = 'one';
$value = 1;

// changing the value of the variable is ok here since you've already bound it to the PDO object and it knows to use the value you change it to in the next execute automagically.

// insert another row with different values
$name = 'two';
$value = 2;

Open in new window

slightlyoffAuthor Commented:
So sorry for the delay on rewarding this question.  I had to move on from the task at had, and totally forgot about it!  Haven't been back to experts-exchange since.  

Thanks for your help!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.