PDO::PARAM_INT is important in bindParam?

天涯浪人 2020-12-15 04:44

Does adding PDO::PARAM_INT or PDO::PARAM_STR have any meaning in a MySQL query?

$sql  = 'SELECT TagId FROM tagthread WHERE ThreadId = :Threa


        
3 Answers
  •  悲哀的现实
    2020-12-15 05:14

    Edit: Depends! See Your Common Sense comment below.

    If the value is an integer, it should be treated as an integer. Apply this with as many datatypes as possible.

    If you don't set the Attribute of PDO::ATTR_EMULATE_PREPARES to false, you will get a nasty error.

    Solid example:

    $stmt = $dbh->prepare("SELECT * FROM table123 WHERE raw_field = :field LIMIT 1 OFFSET :offset;");
    // No explicit type is given, so both values are bound as strings (PDO::PARAM_STR).
    $stmt->bindParam(':field',  $field);
    $stmt->bindParam(':offset', $offset);

    if ($stmt->execute())
    {
        $data = $stmt->fetch(PDO::FETCH_ASSOC);
    }
    else
    {
        echo 'Error :';
        echo "\n";
        print_r($stmt->errorInfo());
        // debugDumpParams() prints its output directly and returns nothing.
        $stmt->debugDumpParams();
        echo "\n";
    }

    Will return back a nasty error containing:

    Error Code: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''0'' at line 1

    Query: SELECT * FROM table123 WHERE raw_field = 'home' LIMIT 1 OFFSET '0'

    Unless you treat it as an integer, and it will remove the string (e.g.: ' ').

    $stmt->bindParam(':offset', $offset, PDO::PARAM_INT);
    

    In a nutshell:

    You choose! Strict data or not..
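
An added example, not part of the answer above: it validates pagination input as integers and binds every parameter with the PDO type that matches its PHP type, so `LIMIT`/`OFFSET` are never sent as quoted strings. The helper names `pageInt` and `bindTyped`, the sample rows and the request array are constructed for illustration; it assumes PHP 8 with `pdo_sqlite`, which is used here only so the script runs without a MySQL server.

```php
<?php
declare(strict_types=1);

/** Validate an untrusted pagination value: integer between 0 and $max, else reject. */
function pageInt(mixed $raw, int $max): int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => $max]]);
    if ($n === false) {
        throw new InvalidArgumentException('pagination value must be an integer between 0 and ' . $max);
    }
    return $n;
}

/** Bind each parameter with the PDO type matching its PHP type instead of the PARAM_STR default. */
function bindTyped(PDOStatement $stmt, array $params): void
{
    foreach ($params as $name => $value) {
        $type = match (true) {
            is_int($value)  => PDO::PARAM_INT,
            is_bool($value) => PDO::PARAM_BOOL,
            $value === null => PDO::PARAM_NULL,
            default         => PDO::PARAM_STR,
        };
        $stmt->bindValue($name, $value, $type);
    }
}

// In-memory database with constructed rows (assumption: pdo_sqlite is available).
$dbh = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$dbh->exec('CREATE TABLE table123 (id INTEGER PRIMARY KEY, raw_field TEXT)');
$dbh->exec("INSERT INTO table123 (raw_field) VALUES ('home'), ('home'), ('about')");

// Constructed request input: query-string values always arrive as strings.
$request = ['field' => 'home', 'limit' => '1', 'offset' => '1'];

$stmt = $dbh->prepare(
    'SELECT id, raw_field FROM table123 WHERE raw_field = :field LIMIT :limit OFFSET :offset'
);
bindTyped($stmt, [
    ':field'  => $request['field'],
    ':limit'  => pageInt($request['limit'], 100),     // int, bound as PDO::PARAM_INT
    ':offset' => pageInt($request['offset'], 10000),  // int, bound as PDO::PARAM_INT
]);
$stmt->execute();
print_r($stmt->fetchAll(PDO::FETCH_ASSOC));
```

Validating before binding also means a non-numeric `limit` or `offset` is rejected with a clear exception instead of reaching the database.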
