shadda/PDOTutorial.php

## PDOTutorial.php
<?php
	#########################
	#TEN SECOND PDO TUTORIAL#
	#########################

	//Connect, providing any parameters your connection requires, along with username and password
	$db = new PDO('mysql:host=localhost;db=ashleymadison.com;charset=uft8', 'user', 'pass');
	//Set the error mode so that it throws exceptions rather outputting an error
	$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

	try
	{
		//If your query doesn't require any params, just use ->query()
		$q = $db->query("SELECT * FROM cheaters_emails ORDER BY lerk");
		/*
		If you have params, its best to use a prepared statement
		Prepared statements have several advantages,
		The query and the parameters are sent separately, eliminating the need for quote functions/SQL sanitation
		That doesn't mean you don't need other forms of sanitation, like HTML tags or Javascript
		Additionally, since the query is evaluated separately, it gets cached by the Query Planner in your db,
		And you can use it again and again, with different variables
		*/
		$q = $db->prepare("SELECT * FROM boobie_pics WHERE name = :name AND breast_size >= :breast_size");

		/*
		A lot of tutorials will have you using things like ->bindValue or ->bindParam. Unless you have a very specific need
		I find that passing an array to execute works much better (less code)
		*/
		$q->execute([
			':name' => "lerk's wife",
			':breast_size' => 3.0
		]);

		/*
		For more granular control over certain values and their types
		you can use PDOStatement::bindValue, e.g.
		$q->bindValue(':foo', $foo, PDO::PARAM_INT)
		*/

		/*
		After an execute, if your query was a SELECT, you can fetch the data here
		Either in one fell swoop, or one by one. If you're expecting a lot of data
		it's best to do it one at a time, vs load the entire result set into memory
		at once
		*/

		//I usually prefer to fetch as an object, vs an array. It's less typing.
		$allData = $q->fetchAll(PDO::FETCH_OBJ);

		/*
		If you want to get them one at a time, PDO implements SPL
		and PDOStatement can be iterated. Note that by default
		your $row array will include the associative and numerically
		indexed keys, equivalent to PDO::FETCH_BOTH
		*/
		foreach($q as $row)
		{
			var_dump($row->name, $row->breast_size, $row->etc);
		}

		/*
		 * Additional notes
		 * Handling array types: https://chrisguitarguy.com/2019/10/08/working-with-postgresql-arrays-in-php/
		 * By default, parameters to prepared statement are treated as strings, so for types like boolean
		 * should explicitly cast your values in the SQL statement, e.g.
		 * UPDATE foo SET bar = :bar::bool
		 */
	}
	catch(PDOException $e)
	{
		/*
		If your query happens to throw an error, with PDO::ATTR_ERRMODE set to PDO::ERRMODE_EXCEPTION
		those errors will be thrown as exceptions, and can be 'caught' with varying degrees of specificity
		*/
		var_dump($e->getCode(), $e->getMessage());
	}
	<?php
	#########################
	#TEN SECOND PDO TUTORIAL#
	#########################

	//Connect, providing any parameters your connection requires, along with username and password
	$db = new PDO('mysql:host=localhost;db=ashleymadison.com;charset=uft8', 'user', 'pass');
	//Set the error mode so that it throws exceptions rather outputting an error
	$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

	try
	{
	//If your query doesn't require any params, just use ->query()
	$q = $db->query("SELECT * FROM cheaters_emails ORDER BY lerk");
	/*
	If you have params, its best to use a prepared statement
	Prepared statements have several advantages,
	The query and the parameters are sent separately, eliminating the need for quote functions/SQL sanitation
	That doesn't mean you don't need other forms of sanitation, like HTML tags or Javascript
	Additionally, since the query is evaluated separately, it gets cached by the Query Planner in your db,
	And you can use it again and again, with different variables
	*/
	$q = $db->prepare("SELECT * FROM boobie_pics WHERE name = :name AND breast_size >= :breast_size");

	/*
	A lot of tutorials will have you using things like ->bindValue or ->bindParam. Unless you have a very specific need
	I find that passing an array to execute works much better (less code)
	*/
	$q->execute([
	':name' => "lerk's wife",
	':breast_size' => 3.0
	]);

	/*
	For more granular control over certain values and their types
	you can use PDOStatement::bindValue, e.g.
	$q->bindValue(':foo', $foo, PDO::PARAM_INT)
	*/

	/*
	After an execute, if your query was a SELECT, you can fetch the data here
	Either in one fell swoop, or one by one. If you're expecting a lot of data
	it's best to do it one at a time, vs load the entire result set into memory
	at once
	*/

	//I usually prefer to fetch as an object, vs an array. It's less typing.
	$allData = $q->fetchAll(PDO::FETCH_OBJ);

	/*
	If you want to get them one at a time, PDO implements SPL
	and PDOStatement can be iterated. Note that by default
	your $row array will include the associative and numerically
	indexed keys, equivalent to PDO::FETCH_BOTH
	*/
	foreach($q as $row)
	{
	var_dump($row->name, $row->breast_size, $row->etc);
	}

	/*
	* Additional notes
	* Handling array types: https://chrisguitarguy.com/2019/10/08/working-with-postgresql-arrays-in-php/
	* By default, parameters to prepared statement are treated as strings, so for types like boolean
	* should explicitly cast your values in the SQL statement, e.g.
	* UPDATE foo SET bar = :bar::bool
	*/
	}
	catch(PDOException $e)
	{
	/*
	If your query happens to throw an error, with PDO::ATTR_ERRMODE set to PDO::ERRMODE_EXCEPTION
	those errors will be thrown as exceptions, and can be 'caught' with varying degrees of specificity
	*/
	var_dump($e->getCode(), $e->getMessage());
	}
No results found