I have been crucified by many people for still using the old 'method' mysql_query() also I am in the process of launching my website which took me 4-months to complete and I would like to have maximum security for it.
So I thought now is probably the best time to get rid of the old habit and start using the new methods.
I have scanned over some tutorials but I have to admit it does seem rather (very) complicated compared to mysql_query()
The best way to learn is probably through example, so Im hoping someone would be kind enough to change the following example for me to a PDO and a MYSQLI statement so that I can see the difference between the two. If a brief explanation can be included it will be greatly appreciated...
Also what do you recommend is the easiest to learn? Mysqli or PDO
$sql="select * from Multiple_Picks where event_id = '$matchId' and
pick='$winner' and
abs(score-$winScore) = (select min(abs(score-$winScore)) from Multiple_Picks
where pick = '$winner' );";
$result = mysql_query($sql) or trigger_error(mysql_error()." in ".$sql);
while($row = mysql_fetch_array($result)){
//if(isset($row['member_nr'])){
$winingMember = $row['member_nr'];
$event = $row['event_id'];
$pick = $row['pick'];
$score = $row['score'];
$tournament=$row['tournament'];
$round=$row['round'];
}
Thanks for reading
this helps you
using mysqli:
$con = mysqli_connect("localhost",$username,$password,$dbname);
$fetch=mysqli_query($con,'select * from Multiple_Picks where event_id = '$matchId' and
pick='$winner' and
abs(score-$winScore) = (select min(abs(score-$winScore)) from Multiple_Picks
where pick = '$winner' );');
while( $row=mysqli_fetch_assoc($fetch))
{
$winingMember = $row['member_nr'];
$event = $row['event_id'];
$pick = $row['pick'];
$score = $row['score'];
$tournament=$row['tournament'];
$round=$row['round'];
}
using PDO
<?php
/*** mysql hostname ***/
$hostname = 'localhost';
/*** mysql username ***/
$username = 'username';
/*** mysql password ***/
$password = 'password';
try {
$dbh = new PDO("mysql:host=$hostname;dbname=animals", $username, $password);
/*** echo a message saying we have connected ***/
echo 'Connected to database<br />';
/*** The SQL SELECT statement ***/
$sql = "select * from Multiple_Picks where event_id = '$matchId' and
pick='$winner' and
abs(score-$winScore) = (select min(abs(score-$winScore)) from Multiple_Picks
where pick = '$winner' );";
/*** fetch into an PDOStatement object ***/
$stmt = $dbh->query($sql);
/*** echo number of columns ***/
$result = $stmt->fetch(PDO::FETCH_ASSOC);
/*** loop over the object directly ***/
foreach($result as $key=>$val)
{
echo $key.' - '.$val.'<br />';
}
/*** close the database connection ***/
$dbh = null;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
?>