ODBC prepared statements in PHP

后悔当初 2020-12-05 19:33

I'm trying to use odbc_prepare and odbc_execute in PHP as follows:

$pstmt=odbc_prepare($odb_con,"select * from configured where param_name='?'");
$res=o         


        
6 answers
  •  伪装坚强ぢ
    2020-12-05 20:09

    When I read this paragraph:

    Any parameters in parameter_array which start and end with single quotes will be taken as the name of a file to read and send to the database server as the data for the appropriate placeholder.

    If you wish to store a string which actually begins and ends with single quotes, you must add a space or other non-single-quote character to the beginning or end of the parameter, which will prevent the parameter from being taken as a file name. If this is not an option, then you must use another mechanism to store the string, such as executing the query directly with odbc_exec().

    It seems to me that it isn't necessary to add single quotes ' to a string, only if you really want to have the quotes as text in the DB.

    Therefore, if I only want to insert the text, without the single quotes, I would write something like that ...

    See this example from odbc-prepare:

    http://www.php.net/manual/en/function.odbc-prepare.php

    Use this example for IBM DB/2:
    
    $q = "update TABLE set PASS=? where NAME=?";
    $res = odbc_prepare ($con, $q);
    
    $a = "secret"; $b="user";
    $exc = odbc_execute($res, array($a, $b));
    

    This would result in the following statement

    $pstmt=odbc_prepare($odb_con,"select * from configured where param_name=?");
    
    $name = "version";
    $params = array($name);
    
    $res=odbc_execute($pstmt,$params);
    var_dump($res);  //bool(true)
    
    $row = odbc_fetch_array($pstmt);
    var_dump($row);  //bool(false)
    

    See that I not only removed the quotes for the value in the params array but also removed the quotes in the SQL statement.

    Please give feedback if this was right.
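
The two points in the answer above (an unquoted `?` marker, and the manual's rule that a parameter starting and ending with single quotes is read as a file name) can be checked before `odbc_execute()` is called. This is an added example, not part of the original question or answers; `has_quoted_placeholder`, `looks_like_odbc_file_param` and `odbc_query_checked` are hypothetical helper names, and rejecting such parameters instead of padding them is an assumption of this example.

```php
<?php
// Added example (not from the page): guards to run before odbc_execute().
// All function names below are hypothetical.

/** Heuristic: '?' inside quotes is a string literal, not a parameter marker. */
function has_quoted_placeholder(string $sql): bool
{
    return preg_match("/'\\s*\\?\\s*'/", $sql) === 1;
}

/** True when the value starts and ends with a single quote, which the manual says is read as a file name. */
function looks_like_odbc_file_param($value): bool
{
    return is_string($value) && strlen($value) >= 2
        && $value[0] === "'" && substr($value, -1) === "'";
}

/** Prepare and execute; reject rather than pad, since padding alters the value (assumption). */
function odbc_query_checked($con, string $sql, array $params)
{
    if (has_quoted_placeholder($sql)) {
        throw new InvalidArgumentException('quoted placeholder: write ? without quotes');
    }
    foreach ($params as $i => $p) {
        if (looks_like_odbc_file_param($p)) {
            throw new InvalidArgumentException("parameter $i would be read as a file name");
        }
    }
    $stmt = odbc_prepare($con, $sql);
    if ($stmt === false || !odbc_execute($stmt, $params)) {
        throw new RuntimeException(odbc_errormsg($con));
    }
    return $stmt;
}

// Constructed inputs; the checks need no database connection.
var_dump(has_quoted_placeholder("select * from configured where param_name='?'"));
var_dump(has_quoted_placeholder("select * from configured where param_name=?"));
var_dump(looks_like_odbc_file_param("'report.txt'"));
var_dump(looks_like_odbc_file_param("version"));
```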
