Why Prepared Statements?

• For security and better performance.
• Prevent a very common type of vulnerability called an SQL injection attack.
• When dealing with prepared statements, you don’t need to worry about functions that escape all of the necessary trouble characters, such as the single quote, double quote, and backslash characters.
• The prepared statements executes only at initial time, so it will increase the performance. . Then if you execute the query many times, it will no longer have that overhead. This pre-parsing can lead to a speed increase if you need to run the same query many times, such as when doing many INSERT statements.
• Performance may increase is through the use of the new binary protocol that prepared statements can use. The traditional protocol in MySQL always converts everything into strings before sending them across the network.

mysqladmin -u user1 -p password "newpassword"

Shell Command

/etc/init.d/mysqld stop

wait until MySQL stops, then run the following commands :

mysqld_safe --skip-grant-tables &

Then you will be you will be able to login as root with no password.

mysql -uroot mysql

In MySQL command prompt use the following commands :

use mysql;
update user set password=PASSWORD("newrootpassword") where User='root';
FLUSH PRIVILEGES;

Restart MySQL :

/etc/init.d/mysqld stop

/etc/init.d/mysqld start

Example :

Suppose we have two tables student and mark :
Student
id     | integer |
name   | text    |

Mark
id     | integer |
name   | text    |
mark | integer |

We can copy all values of student to mark by using the following query :

insert into mark select * from student;
 id | name  | mark
----+-------+--------
  1 | test  |
  2 | test1 |
  3 | test2 |
  4 | test3 |

We can copy one column of student to mark by using the following query :

insert into mark(name) select name from student

PHP Script

<?php
$db_name ='test_db';
$db_host = 'localhost';
$db_user = 'root';
$db_password = 'mypassword';
$dsn = 'mysql:dbname=$db_name;host=$db_host;';
$connectionString = new PDO($dsn, $db_user, $db_password);
?>

The DSN settings for different database engines to connect with PDO. Supported database drivers are as shown below:

PDO_DBLIB for FreeTDS/Microsoft SQL Server/Sybase

mssql:host=localhost;dbname=test_db
sybase:host=localhost;dbname=test_db
dblib:host=localhost;dbname=test_db

PDO_INFORMIX for IBM Informix Dynamic Server

informix:host=host.domain.com;service=9800;database=test_db;
server=ids_server;protocol=onsoctcp;

EnableScrollableCursors=1;

PDO_MYSQL for MySQL 3.x/4.x/5.x

mysql:host=localhost;port=3307;dbname=test_db
mysql:unix_socket=/tmp/mysql.sock;dbname=test_db

PDO_OCI for Oracle Call Interface

oci:mydb
oci:dbname=//localhost:1521/test_db

PDO_ODBC for ODBC v3 (IBM DB2, unixODBC and win32 ODBC)

odbc:test_db
odbc:DRIVER={IBM DB2 ODBC DRIVER};HOSTNAME=localhost;PORT=50000;DATABASE=test_db;
PROTOCOL=TCPIP;UID=db_user_name;PWD=db_password;
odbc:Driver={Microsoft Access Driver (*.mdb)};Dbq=C:db.mdb;Uid=Admin

PDO_PGSQL for PostgreSQL

pgsql:dbname=test_db;user=db_user_name;password=db_password;
host=localhost;port=5432

PDO_SQLITE for SQLite 3 and SQLite 2

sqlite:/opt/databases/mydb.sq3
sqlite::memory:
sqlite2:/opt/databases/mydb.sq2
sqlite2::memory:

PDO_FIREBIRD for Firebird/Interbase 6

firebird:user="db_user_name;Password=db_password;
Database=DATABASE.GDE;DataSource=localhost;Port=3050;