Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

SitePoint PHP Blog:
Cursors in MySQL Stored Procedures
Feb 05, 2014 @ 18:48:43

On the SitePoint PHP blog there's a new tutorial showing how to use cursors in MySQL stored procedures via PHP. A cursor is a piece of functionality that lets you work with the data in the data found by the stored procedure.

With cursors, we can traverse a dataset and manipulate each record to accomplish certain tasks. When such an operation on a record can also be done in the PHP layer, it saves data transfer amounts as we can just return the processed aggregation/statistical result back to the PHP layer (thus eliminating the select – foreach – manipulation process at the client side).

He provides a more real-world situation to help illustrate their use - working with information about the Lakers basketball team. He includes an example of a stored procedure to find a "streak" of games that they've won (yearly too). A quick PHP script is included showing how to call the stored procedure and fetch the data. The PHP doesn't directly use the cursor, it's self-contained inside the stored procedure.

tagged: mysql stored procedures tutorial cursor

Link: http://www.sitepoint.com/cursors-mysql-stored-procedures/

SitePoint PHP Blog:
Stored Procedures in MySQL and PHP
Jan 06, 2014 @ 16:39:55

The SitePoint PHP blog has a new post today from Taylor Ren looking at the use of stored procedures in MySQL via PHP. He goes through some of the basics - advantages and disadvantages - but also provides some simple examples.

Put simply, a Stored Procedure ("SP") is a procedure (written in SQL and other control statements) stored in a database which can be called by the database engine and connected programming languages. In this tutorial, we will see how to create an SP in MySQL and execute it in MySQL server and in PHP. [...] SP are also available in other common database servers (Postgre for example) so what we will discuss here can be applied to those as well.

He starts off with some reasons why using stored procedures is recommended (in certain cases) and what they can do to help your application. He also lists a few drawbacks to their use, including that they're hard to version/backup. He shows you how to create a simple stored procedure for a "salary" table that selects the average (using "avg") salary and returns it to a "avg_sal" variable. He includes the full PHP code you'll need and the SQL to make it all work.

tagged: stored procedures mysql tutorial introduction

Link: http://www.sitepoint.com/stored-procedures-mysql-php

Ulf Wendel's Blog:
Using MySQL stored procedures with PHP mysqli
Nov 04, 2011 @ 16:39:18

Ulf Wendel has a new post today with details on using stored procedures with mysqli - not overly difficult if you know how to handle the IN, OUT and INOUT parameters. He includes a few code examples showing how to use them.

Out of curiosity I asked another friend, a team lead, how things where going with their PHP MySQL project, for which they had planned to have most of their business logic in stored procedures. I got an email in reply stating something along the lines: "Our developers found that mysqli does not support stored procedures correctly. We use PDO.". Well, the existing documentation from PHP 5.0 times is not stellar, I confess. But still, that’s a bit too much... it ain’t that difficult. And, it works.

He describes the three parameters (IN, OUT and INOUT) and gives some examples of setting/getting them from your SQL statements. They're all still set up using the query method on your connection as well as handling the result sets that come back and working with prepared statements.

tagged: mysql stored procedures mysqli database in out inout parameter

Link:

Gonzalo Ayuso's Blog:
Performance analysis of Stored Procedures with PDO and PHP
May 03, 2011 @ 13:38:32

Gonzalo Ayuso has posted the results of some testing he's done in using stored procedures in a PHP application. He compares the run time of two different scripts, one using prepared statements and one without, to see which would perform better in the long run.

Last week I had an interesting conversation on twitter about the usage of stored procedures in databases. Someone told stored procedure are evil. I'm not agree with that. Stored procedures are a great place to store business logic. In this post I'm going to test the performance of a small piece of code using stored procedures and using only PHP code.

In the end, the results showed that the stored procedures method was actually faster and used a bit less memory than the normal "plain PHP" method. It can be a bit more difficult to use than just a SQL statement in a string (properly escaped, of course) but can be worth the extra hassle when you need that performance boost.

tagged: performance stored procedures pdo benchmark

Link:

Brian Swan's Blog:
Do Stored Procedures Protect Against SQL Injection?
Feb 17, 2011 @ 17:46:14

Brian Swan has a new post answering a question he's gotten about the stored procedures that the SQL Server database includes and whether or not they help prevent SQL injections in your applications.

When I’ve asked people about their strategies for preventing SQL injection, one response is sometimes "I use stored procedures." But, stored procedures do not, by themselves, necessarily protect against SQL injection. The usefulness of a stored procedure as a protective measure has everything to do with how the stored procedure is written. Write a stored procedure one way, and you can prevent SQL Injection. Write it another way, and you are still vulnerable.

The short answer is "not always" but he gets into a more detailed answer with a sample login script and the SQL to create the stored procedure the "wrong way" (using the value dynamically in the SQL of the procedure) and the "right way" (assigning them directly like bound variables).

tagged: stored procedures sql injection security

Link:

9Lessons Blog:
Stored Procedure Lesson
Jul 05, 2010 @ 14:17:06

On the 9Lessons blog today there's a new post looking at stored procedures - how to create them and how to use them from your PHP code.

Are you writing Stored Procedures if not please take a look at this post. Stored procedures can help to improve web application performance and reduce database access traffic. In this post I want to explain how to create and call the stored procedures from database server.

He shows you how to create a sample table and stored procedure on the server side (selecting a username from a users table) and how it compares to a normal SQL query. Two different ways to input values into the procedure are shown as well.

tagged: tutorial stored procedure mysql

Link:

EasyTech Blog:
Executing PL/SQL code in Zend Framework
Oct 29, 2008 @ 16:15:17

On the EasyTech blog, there's a recent post for Zend Framework developers out there working with the Oracle database showing how to execute PL/SQL code from your Zend_Db queries.

Calling PL/SQL code from PHP can be tricky sometimes, specially when the PL/SQL procedure has input and output parameters. In this posting I will show you how to call a procedure from the PHP using Zend Framework. I will assume you have some experience using Zend Framework, specially the Database module (Zend_db).

He walks through the creation of a simple PL/SQL stored procedure and how to prepare your query to get results out of it (Zend_Db_Statement_Oracle and an execute call). There's a few stipulations you'll need to follow - named parameters, reserving space for the output and using references for output variables.

tagged: plsql oracle tutorial zendframework stored procedure

Link:

John Coggeshall's Blog:
Alan has smoked too much PHP
Nov 16, 2007 @ 13:58:00

In a new post to his blog today, John Coggeshall comments on some thoughts from Alan Knowles about a method for making PHP obsolete.

Alan, I think you were smoking way too much PHP when you wrote this post.. This in particular really surprised me to hear you say [that a module that made mysql stored procedure calls based on a URL and returned JSON could make PHP obsolete]. While I do understand the concept your explaining, I simply can't see how the model is practical at all for two big reasons.

His reasons involve not having a business case where an entire application is right there for the user to download and that its an insecure method for running an app.

tagged: json mysql stored procedure call json application json mysql stored procedure call json application

Link:

John Coggeshall's Blog:
Alan has smoked too much PHP
Nov 16, 2007 @ 13:58:00

In a new post to his blog today, John Coggeshall comments on some thoughts from Alan Knowles about a method for making PHP obsolete.

Alan, I think you were smoking way too much PHP when you wrote this post.. This in particular really surprised me to hear you say [that a module that made mysql stored procedure calls based on a URL and returned JSON could make PHP obsolete]. While I do understand the concept your explaining, I simply can't see how the model is practical at all for two big reasons.

His reasons involve not having a business case where an entire application is right there for the user to download and that its an insecure method for running an app.

tagged: json mysql stored procedure call json application json mysql stored procedure call json application

Link:

Maggie Nelson's Blog:
How to (and how not to) pass an array from PHP to the database
Jul 16, 2007 @ 16:13:00

In a new post today, Maggie Nelson starts with the wrong way to do something - passing an array from PHP to a database - and works backward to make it all right.

It would be really useful to have an easy way to pass arrays as bound parameters to queries or procedures from PHP. This would be especially useful if you're letting Oracle handle most of your data manipulating (as you should).

She includes an example of how she's like it to work. Sadly, it doesn't but there are some ways that a developer could get close. Here's her process:

  • No queries in loops, please!
  • In the ideal world...
  • Put all your DML in stored procedures.
  • str2tbl
  • The list_pkg package
  • list_pkg in your procedure
  • list_pkg in your PHP
  • Leveraging list_pkg

The list_pkg is based around this article from AskTom.

tagged: array bind query parameter listpkg stored procedure array bind query parameter listpkg stored procedure

Link:


Trending Topics: