|
1 | 1 | --- |
2 | 2 | title: "PDO::prepare | Microsoft Docs" |
3 | 3 | ms.custom: "" |
4 | | -ms.date: "04/25/2019" |
| 4 | +ms.date: "01/31/2020" |
5 | 5 | ms.prod: sql |
6 | 6 | ms.prod_service: connectivity |
7 | 7 | ms.reviewer: "" |
@@ -133,6 +133,33 @@ print_r($row); |
133 | 133 | ?> |
134 | 134 | ``` |
135 | 135 |
|
| 136 | +## Example |
| 137 | +The examples below show two different snippets how to use PDO::prepare with data targeted for CHAR/VARCHAR columns. Because the default encoding for PDO::prepare is UTF-8, the user can use the option `PDO::SQLSRV_ENCODING_SYSTEM` to avoid implicit conversions. |
| 138 | + |
| 139 | +**Option 1** |
| 140 | +``` |
| 141 | +$options = array(PDO::SQLSRV_ATTR_ENCODING => PDO::SQLSRV_ENCODING_SYSTEM); |
| 142 | +$statement = $pdo->prepare( |
| 143 | + 'SELECT * |
| 144 | + FROM myTable |
| 145 | + WHERE myVarcharColumn = :myVarcharValue', |
| 146 | + $options |
| 147 | +); |
| 148 | +
|
| 149 | +$statement->bindValue(':myVarcharValue', 'my data', PDO::PARAM_STR); |
| 150 | +``` |
| 151 | + |
| 152 | +**Option 2** |
| 153 | +``` |
| 154 | +$statement = $pdo->prepare( |
| 155 | + 'SELECT * |
| 156 | + FROM myTable |
| 157 | + WHERE myVarcharColumn = :myVarcharValue' |
| 158 | +); |
| 159 | +$p = 'my data'; |
| 160 | +$statement->bindParam(':myVarcharValue', $p, PDO::PARAM_STR, 0, PDO::SQLSRV_ENCODING_SYSTEM); |
| 161 | +``` |
| 162 | + |
136 | 163 | <a name="emulate-prepare" /> |
137 | 164 |
|
138 | 165 | ## Example |
@@ -211,6 +238,52 @@ The PDO_SQLSRV driver first checks the encoding specified in `PDO::bindParam()` |
211 | 238 |
|
212 | 239 | If not found, the driver checks if any encoding is set in `PDO::prepare()` or `PDOStatement::setAttribute()`. Otherwise, the driver will use the encoding specified in `PDO::__construct()` or `PDO::setAttribute()`. |
213 | 240 |
|
| 241 | +In addition, beginning with version 5.8.0, when using PDO::prepare with `PDO::ATTR_EMULATE_PREPARES` set to true, the user may use [the extended string types introduced in PHP 7.2](https://wiki.php.net/rfc/extended-string-types-for-pdo) to ensure that the `N` prefix is used. The snippets below display various alternatives. |
| 242 | + |
| 243 | +> [!NOTE] |
| 244 | +> By default, emulate prepares is set to false, in which case the extended PDO string constants will be ignored. |
| 245 | +
|
| 246 | +**Using driver option PDO::SQLSRV_ENCODING_UTF8 when binding** |
| 247 | + |
| 248 | +``` |
| 249 | +$p = '가각'; |
| 250 | +$sql = 'SELECT :value'; |
| 251 | +$options = array(PDO::ATTR_EMULATE_PREPARES => true); |
| 252 | +$stmt = $conn->prepare($sql, $options); |
| 253 | +$stmt->bindParam(':value', $p, PDO::PARAM_STR, 0, PDO::SQLSRV_ENCODING_UTF8); |
| 254 | +$stmt->execute(); |
| 255 | +``` |
| 256 | + |
| 257 | +**Using the PDO::SQLSRV_ATTR_ENCODING attribute** |
| 258 | + |
| 259 | +``` |
| 260 | +$p = '가각'; |
| 261 | +$sql = 'SELECT :value'; |
| 262 | +$options = array(PDO::ATTR_EMULATE_PREPARES => true, PDO::SQLSRV_ATTR_ENCODING => PDO::SQLSRV_ENCODING_UTF8); |
| 263 | +$stmt = $conn->prepare($sql, $options); |
| 264 | +$stmt->execute([':value' => $p]); |
| 265 | +``` |
| 266 | + |
| 267 | +**Using the PDO constant PDO::PARAM_STR_NATL** |
| 268 | +``` |
| 269 | +$p = '가각'; |
| 270 | +$sql = 'SELECT :value'; |
| 271 | +$options = array(PDO::ATTR_EMULATE_PREPARES => true); |
| 272 | +$stmt = $conn->prepare($sql, $options); |
| 273 | +$stmt->bindParam(':value', $p, PDO::PARAM_STR | PDO::PARAM_STR_NATL); |
| 274 | +$stmt->execute(); |
| 275 | +``` |
| 276 | + |
| 277 | +**Setting the default string param type PDO::PARAM_STR_NATL** |
| 278 | +``` |
| 279 | +$conn->setAttribute(PDO::ATTR_DEFAULT_STR_PARAM, PDO::PARAM_STR_NATL); |
| 280 | +$p = '가각'; |
| 281 | +$sql = 'SELECT :value'; |
| 282 | +$options = array(PDO::ATTR_EMULATE_PREPARES => true); |
| 283 | +$stmt = $conn->prepare($sql, $options); |
| 284 | +$stmt->execute([':value' => $p]); |
| 285 | +``` |
| 286 | + |
214 | 287 | ### Limitations |
215 | 288 |
|
216 | 289 | As you can see, binding is done internally by the driver. A valid query is sent to the server for execution without any parameter. Compared to the regular case, some limitations result when the parameterized query feature is not in use. |
|
0 commit comments