How to execute select statements

      prepare($sql_statement)
      // Prepares the specified SQL statement for execution and returns a 
      // PDOStatement object. Within the SQL statement, you can use a 
      // colon (:) to add parameters to the statement.
      

      bindValue($param, $value)
      // Binds the specified value to the specified parameter in the prepared statement. 
      
      execute() 
      // Executes the prepared statement.
      

      $query = "SELECT * FROM products";
      $statement = $db->prepare($query);
      $statement->execute();
      

      $query = "SELECT * FROM products WHERE categoryID = :category_id";
      $statement = $db->prepare($query);
      $statement->bindValue(':category_id', $category_id);
      $statement->execute();
      

Description

• To prepare a SQL statement, you use the prepare() method of the PDO object. It requires just one argument, which is the SQL statement to be executed.
• To execute a SQL statement, you use the execute() method of the PDOStatement object.
• To bind a variable to a parameter, you can use the bind() method of the PDOStatement object.
• To identify a parameter in a SQL statement, you can code a colon (:) followed by the name of the parameter.
• If the SQL statement is a SELECT statement that returns a result set, the execute method stores the result set in the PDOStatement object. Then, you can get the data from the PDOStatement object by using the techniques in the next two pages.