3

I need help to figure out what this sentence means:

SELECT id, username, password FROM users WHERE email = ?LIMIT 1

I know what LIMIT 1 means, but what is the '= ?' for?

user2864740
    The `?` represents a *placeholder* as used in mysqli or PDO prepared statements.. see http://stackoverflow.com/a/60496/2864740 (Presumably there should be a space in the query text as well after the `?`: `.. email = ? LIMIT 1`.) – user2864740 Apr 24 '14 at 23:38

2 Answers

4

It's a prepared statement.

A prepared statement or a parameterized statement is used to execute the same statement repeatedly with high efficiency.

The prepared statement execution consists of two stages: prepare and execute. At the prepare stage a statement template is sent to the database server. The server performs a syntax check and initializes server internal resources for later use.

Prepare is followed by execute. During execute the client binds parameter values and sends them to the server. The server creates a statement from the statement template and the bound values to execute it using the previously created internal resources.

A prepared statement can be executed repeatedly. Upon every execution the current value of the bound variable is evaluated and sent to the server. The statement is not parsed again. The statement template is not transferred to the server again.

Every prepared statement occupies server resources. Statements should be closed explicitly immediately after use. If not done explicitly, the statement will be closed when the statement handle is freed by PHP.

Using a prepared statement is not always the most efficient way of executing a statement. A prepared statement executed only once causes more client-server round-trips than a non-prepared statement.

This example performs an INSERT query by substituting a name and a value for the positional ? placeholders.

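```php
<?php
// $dbh is an existing PDO connection.
$stmt = $dbh->prepare("INSERT INTO REGISTRY (name, value) VALUES (?, ?)");
// bindParam() binds by reference: the variables are read when execute() runs.
$stmt->bindParam(1, $name);
$stmt->bindParam(2, $value);

// insert one row
$name = 'one';
$value = 1;
$stmt->execute();
```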

I recommend reading that entire tutorial. You should also check out PDO.

Community
John Conde
1

Your query:

SELECT id, username, password FROM users WHERE email = ? LIMIT 1

The ? sign means a placeholder.

I suppose you use PDO. When you execute your query

```php
$email = 'bob@gmail.com'; // get some email
$stmt = $dbh->prepare("SELECT id, username, password FROM users WHERE email = ? LIMIT 1");
$stmt->bindParam(1, $email);
$stmt->execute();
```

the value of the variable $email will be placed instead of ?, like:

SELECT id, username, password FROM users WHERE email = 'bob@gmail.com' LIMIT 1

You can find more information about it here

Sharikov Vladislav
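
The asker's query run end to end, as an added example that is not part of either answer. It assumes PHP 7.1+ with the pdo_sqlite extension; the table, accounts and the `findByEmail` helper are constructed for illustration. The statement is prepared once and executed for several bound values, including one that contains a quote character.

```php
<?php
// Added example: constructed schema and rows in an in-memory SQLite database.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, email TEXT)');

// Constructed sample accounts; the password column holds hashes, not plaintext.
$accounts = [
    ['bob',    'bob@example.com'],
    ['alice',  'alice@example.com'],
    ['obrien', "o'brien@example.com"], // apostrophe in the value, no manual escaping
];
$insert = $dbh->prepare('INSERT INTO users (username, password, email) VALUES (?, ?, ?)');
foreach ($accounts as [$user, $mail]) {
    $insert->execute([$user, password_hash('sample-' . $user, PASSWORD_DEFAULT), $mail]);
}

// Prepare stage: the template with its ? placeholder is parsed once.
$stmt = $dbh->prepare('SELECT id, username, password FROM users WHERE email = ? LIMIT 1');

// Hypothetical helper: runs the prepared statement for one e-mail address.
function findByEmail(PDOStatement $stmt, string $email): ?array
{
    // Execute stage: the value is bound to the placeholder and handled as data,
    // so it is never parsed as part of the SQL text.
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $stmt->closeCursor(); // release the result set before the next execution
    return $row === false ? null : $row;
}

$inputs = [
    'bob@example.com',     // existing address
    "o'brien@example.com", // quote character is compared literally
    'nobody@example.com',  // unknown address
];
foreach ($inputs as $email) {
    $row = findByEmail($stmt, $email);
    printf("%-22s => %s\n", $email, $row ? "id {$row['id']} ({$row['username']})" : 'no row');
}

$stmt = null; // free the statement handle, as the first answer advises
```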