PHP / MySQL declarations. How can I turn this into a prepared statement?

// $i and $randAnswer are concatenated straight into the SQL text
$query = 'INSERT INTO user_answer (facebook_id, answer_id) VALUES (' . $i . ',' . $randAnswer . ')';
$dbh->exec($query);

I have this code, and now am required to turn it into a prepared statement using PDO::bindValue() and maybe PDO::prepare(). Looking at the examples, I'm not sure how to go about this. Where does the :name come from and why are you putting it in the bindValue part?


In your case it would look something like this:

$st = $dbh->prepare("INSERT INTO user_answer (facebook_id, answer_id) VALUES (:facebook_id, :answer_id)");

$st->execute(array('facebook_id' => $i, 'answer_id' => $randAnswer));

You might want to read a tutorial or two to get an idea how to use PDO effectively. The PDO documentation is also pretty good.

The general idea here is to put in things like :name where the value goes, and then pass in an array that defines what each name maps to.
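A runnable version of the answer above, added here as an example and not taken from the question or the answer itself. It shows both styles the question asks about, bindValue() with an explicit type and execute() with an array, against the same user_answer table. It assumes the pdo_sqlite extension and uses an in-memory SQLite database so that it runs without a MySQL server; with MySQL only the DSN and credentials in the constructor change, the prepare/bind/execute calls do not. The connect() and insert helper names are mine, not from PDO.

```php
<?php
// Added example, not code from the original question or answer.
// Runs against in-memory SQLite (assumed pdo_sqlite extension) so it works offline.
declare(strict_types=1);

function connect(): PDO
{
    $dbh = new PDO('sqlite::memory:');
    // Throw on SQL errors instead of returning false and carrying on.
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $dbh->exec('CREATE TABLE user_answer (facebook_id INTEGER NOT NULL, answer_id INTEGER NOT NULL)');
    return $dbh;
}

// Style 1: bindValue() with an explicit type, one call per placeholder.
// The names :facebook_id and :answer_id are not magic: you choose them when
// writing the SQL, and the same names are then used in bindValue().
function insertWithBindValue(PDO $dbh, int $facebookId, int $answerId): void
{
    $st = $dbh->prepare(
        'INSERT INTO user_answer (facebook_id, answer_id) VALUES (:facebook_id, :answer_id)'
    );
    $st->bindValue(':facebook_id', $facebookId, PDO::PARAM_INT);
    $st->bindValue(':answer_id',   $answerId,   PDO::PARAM_INT);
    $st->execute();
}

// Style 2: hand execute() an array keyed by placeholder name.
// PDO accepts the keys with or without the leading colon; every value is bound
// as a string, which the database converts for integer columns.
function insertWithExecuteArray(PDO $dbh, $facebookId, $answerId): void
{
    $st = $dbh->prepare(
        'INSERT INTO user_answer (facebook_id, answer_id) VALUES (:facebook_id, :answer_id)'
    );
    $st->execute(['facebook_id' => $facebookId, 'answer_id' => $answerId]);
}

$dbh = connect();
insertWithBindValue($dbh, 1001, 7);
insertWithExecuteArray($dbh, 1002, 3);

// Constructed hostile input: with the concatenated query from the question this
// text would have become part of the SQL. Bound as a parameter it is only data,
// so the table survives and SQLite stores the literal string in the row.
$hostile = "3); DROP TABLE user_answer; --";
insertWithExecuteArray($dbh, 1003, $hostile);

$rows = $dbh->query('SELECT facebook_id, answer_id FROM user_answer ORDER BY facebook_id')
            ->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    printf("%d => %s\n", $row['facebook_id'], var_export($row['answer_id'], true));
}
```

Two caveats for the MySQL case: in strict SQL mode the third insert is rejected as an invalid integer rather than stored as text (either way the string is never interpreted as SQL), and with pdo_mysql you will normally want `PDO::ATTR_EMULATE_PREPARES` set to false so that the server, not the PHP client, does the binding.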