That maps to the named placeholder in the query. It is not required for the binding, the driver will auto-added it if not present.
In your code you have
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < :calories AND colour = :colour');
^^^^^^^^^ ^^^^^^^
The driver reads anything with the :
and trailing text as a placeholder. It then swaps that content with the value being bound, escapes all special characters, and quotes the string.
So then your bindparam
has
:calories
and :colour
which match up to each of those. Let's say $calories
had o'brien
. When the query went to the DB it would be:
SELECT name, colour, calories
FROM fruit
WHERE calories < 'o\'brien'
PDO also supports unnamed placeholders which are just question marks ?
. You bind these by position.
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < ? AND colour = ?');
and then use a 1
because it is the first placeholder.
$sth->bindParam(1, $calories, PDO::PARAM_INT);
Additionally you can just pass all values to the execute
function as an array and it will do the binding as well.
Regardless of bindparam
or execute
binding you have to address the binding by how you use it in the query. Unnamed is positional, named is by name.