Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP Integrating PHP with Databases Using Relational Tables Using a Prepared Statement

Posted by Naison Masiyashe
Naison Masiyashe
2,736 Points

how do i go about this,i dont even understand the requirements of the question

can someone explain to me on this

index.php 
<?php
function get_member() {
    include("connection.php");

    try {
      $results = $db->query(
          "SELECT member_id, email, fullname, level
          FROM members"
      );
    } catch (Exception $e) {
      echo "bad query";
    }

    $members = $results->fetch();
    return $members;
}

1 Answer

Simon Coates
Simon Coates
28,694 Points
Simon Coates
Simon Coates
28,694 Points

It accepts:

<?php
function get_member($member_id) {
    include("connection.php");

    try {
      $results = $db->prepare(
          "SELECT member_id, email, fullname, level
          FROM members where member_id = ?"
      );
      $results->bindParam(1, $member_id);
      $results->execute();
    } catch (Exception $e) {
      echo "bad query";
    }

    $members = $results->fetchAll();
    return $members;
}

First alteration is to accept a parameter to the method. Then you replace the call to query with a call to prepare, with a sql string that includes a placeholder. You bind the parameter into the placeholder (1 based index), then run execute. (ideally, bind param should have a third parameter specifying the type of value being bound)