php – What does a colon before a literal in an SQL statement mean?

Posted by: admin July 12, 2020

Questions:

What does it mean to use “:” before a variable?

For example, :userId in this code:

public function removeUser($userId)
{
    $command = Yii::app()->db->createCommand();
    $command->delete(
        'tbl_project_user_assignment',
        'user_id=:userId AND project_id=:projectId',
        array(':userId'=>$userId, ':projectId'=>$this->id));
}

This is PHP, MySQL code in the Yii framework.

How to & Answers:

The colon is a common character that indicates a placeholder for a variable value in a SQL statement. In this case, those placeholders are getting replaced by the value of userId and project_id at runtime. This is great for avoiding SQL injection vulnerabilities.

Answer:

:userId is a placeholder

According to Yii’s documentation for SQL statement:

For a prepared statement using named placeholders, this will be a
parameter name of the form :name.

Answer:

As thaidiotguy mentions, it’s a character commonly used with prepared statements, especially with PDO. In PDO the colon tells that the following is a named parameter.
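
The named-parameter behaviour described in the answers above, as an added example that is not part of the original question or answers. It uses plain PDO instead of Yii's command builder, with an in-memory SQLite database standing in for MySQL; the helper function names, the sample rows and the `$untrusted` value are constructed for illustration.

```php
<?php
// Added example: table and column names follow the question, rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Recreate the table with three constructed rows, all in project 10.
function seed(PDO $pdo): void
{
    $pdo->exec('DROP TABLE IF EXISTS tbl_project_user_assignment');
    $pdo->exec('CREATE TABLE tbl_project_user_assignment (user_id INTEGER, project_id INTEGER)');
    $pdo->exec('INSERT INTO tbl_project_user_assignment VALUES (1, 10), (2, 10), (3, 10)');
}

// Named placeholders: the SQL text is fixed at prepare() time and the values
// are supplied separately, so a value can never alter the statement's structure.
function removeUserBound(PDO $pdo, $userId, int $projectId): int
{
    $stmt = $pdo->prepare(
        'DELETE FROM tbl_project_user_assignment
         WHERE user_id = :userId AND project_id = :projectId'
    );
    $stmt->execute([':userId' => $userId, ':projectId' => $projectId]);
    return $stmt->rowCount(); // rows actually deleted
}

// Anti-pattern kept only for contrast: the value is spliced into the SQL text,
// so anything in it is parsed as SQL.
function removeUserConcatenated(PDO $pdo, $userId, int $projectId): int
{
    return $pdo->exec(
        "DELETE FROM tbl_project_user_assignment
         WHERE user_id = $userId AND project_id = $projectId"
    );
}

$untrusted = '2 OR 1=1'; // constructed input that is not a plain integer

seed($pdo);
printf("bound, well-formed id:  %d row(s) deleted\n", removeUserBound($pdo, 2, 10));

seed($pdo);
printf("bound, untrusted value: %d row(s) deleted\n", removeUserBound($pdo, $untrusted, 10));

seed($pdo);
printf("concatenated, same value: %d row(s) deleted\n", removeUserConcatenated($pdo, $untrusted, 10));
```

In the bound calls the whole string is compared to `user_id` as a single value; in the concatenated call the same string becomes part of the `WHERE` clause and changes which rows match.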