Advanced
MySQL & PDO
Topic 13 of 13
PHP
<?php
// PDO connection
$dsn = "mysql:host=localhost;dbname=myapp;charset=utf8mb4";
$pdo = new PDO($dsn, 'root', 'password', [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
]);
// SELECT โ always use prepared statements
$stmt = $pdo->prepare("SELECT * FROM users WHERE email = :email");
$stmt->execute(['email' => $email]);
$user = $stmt->fetch();
$users = $stmt->fetchAll();
// INSERT
$stmt = $pdo->prepare("INSERT INTO users (name, email) VALUES (:name, :email)");
$stmt->execute(['name' => $name, 'email' => $email]);
$id = $pdo->lastInsertId();
// Transaction
$pdo->beginTransaction();
try {
$pdo->prepare("UPDATE accounts SET balance=balance-? WHERE id=?")
->execute([100, $from]);
$pdo->commit();
} catch (Exception $e) {
$pdo->rollBack();
}โ ๏ธ NEVER do this
$pdo->query("SELECT * FROM users WHERE id=" . $_GET['id']) โ direct SQL injection vulnerability. Always use prepare() + execute() with bound params.