PDO::exec

(PHP 5 >= 5.1.0, PHP 7, PECL pdo >= 0.1.0)

PDO::exec SQL ステートメントを実行し、作用した行数を返す

説明

public int PDO::exec ( string $statement )

PDO::exec() は、一度の関数コールで SQL 文を実行し、文によって作用した行数を返します。

PDO::exec() は SELECT 文からは結果を返しません。 プログラム中で一度だけ発行が必要になる SELECT 文に対しては、 PDO::query() の発行を検討してください。 複数回発行が必要な文については、PDO::prepare() による PDOStatement オブジェクトの準備と PDOStatement::execute() による文の発行を行ってください。

パラメータ

statement

準備、実行する SQL ステートメントを指定します。

クエリ内のデータは 適切にエスケープ する必要があります。

返り値

PDO::exec() は、発行した SQL ステートメントによって更新もしくは 削除された行数を返します。 1 行も作用しなかった場合、PDO::exec()0 を返します。

警告

この関数は論理値 FALSE を返す可能性がありますが、FALSE として評価される値を返す可能性もあります。 詳細については 論理値の セクションを参照してください。この関数の返り値を調べるには ===演算子 を 使用してください。

以下の例は PDO::exec() の戻り値の使用法を間違っています。結果として一行も更新されなかった場合に die() がコールされてしまうからです。

<?php
$db
->exec() or die(print_r($db->errorInfo(), true));
?>

例1 DELETE 文の発行

WHERE 句を伴う DELETE 文によって削除された行数をカウントします。

<?php
$dbh 
= new PDO('odbc:sample''db2inst1''ibmdb2');

/* FRUIT テーブルから全ての行を削除する */
$count $dbh->exec("DELETE FROM fruit WHERE colour = 'red'");

/* 削除された行数を返す */
print("Deleted $count rows.\n");
?>

上の例の出力は以下となります。

Deleted 1 rows.

参考

  • PDO::prepare() - 文を実行する準備を行い、文オブジェクトを返す
  • PDO::query() - SQL ステートメントを実行し、結果セットを PDOStatement オブジェクトとして返す
  • PDOStatement::execute() - プリペアドステートメントを実行する

add a note add a note

User Contributed Notes 8 notes

up
18
david at acz dot org
11 years ago
This function cannot be used with any queries that return results.  This includes SELECT, OPTIMIZE TABLE, etc.
up
12
soletan at toxa dot de
11 years ago
It's worth noting here, that - in addition to the hints given in docs up there - using prepare, bind and execute provides more benefits than multiply querying a statement: performance and security!

If you insert some binary data (e.g. image file) into database using INSERT INTO ... then it may boost performance of parsing your statement since it is kept small (a few bytes, only, while the image may be several MiBytes) and there is no need to escape/quote the file's binary data to become a proper string value.

And, finally and for example, if you want to get a more secure PHP application which isn't affectable by SQL injection attacks you _have to_ consider using prepare/execute on every statement containing data (like INSERTs or SELECTs with WHERE-clauses). Separating the statement code from related data using prepare, bind and execute is best method - fast and secure! You don't even need to escape/quote/format-check any data.
up
4
calin at NOSPAM dot softped dot com
2 years ago
PDO::eval() might return `false` for some statements (e.g. CREATE TABLE) even if the operation completed successfully, when using PDO_DBLIB and FreeTDS. So it is not a reliable way of testing the op status.

PDO::errorInfo() can be used to test the SQLSTATE error code for '00000' (success) and '01000' (success with warning).

<?php
function execute(PDO $conn, $sql) {
   
$affected = $conn->exec($sql);
    if (
$affected === false) {
       
$err = $conn->errorInfo();
        if (
$err[0] === '00000' || $err[0] === '01000') {
            return
true;
        }
    }
    return
$affected;
}
?>

PDO::errorInfo(): http://php.net/manual/en/pdo.errorinfo.php
List of SQLSTATE Codes: http://www-01.ibm.com/support/knowledgecenter/SSGU8G_11.70.0/com.ibm.sqls.doc/ids_sqs_0809.htm
up
3
roberto at spadim dot com dot br
10 years ago
this function don't execute multi_query
to get it see SQLITE_EXEC comments there is an pereg function that get all queries and execute all then an return the last one
up
-1
blah at whatevr dot com
10 years ago
You can't use it not only with SELECT statement, but any statement that might return rows. "OPTIMIZE table" is such example (returns some rows with optimization status).

If you do, PDO will lock-up with the "Cannot execute queries while other unbuffered queries are active." nonsense.
up
-7
Anonymous
7 years ago
I spent half a day trying to work out why I could not update my sqlite3 database from apache using the PHP PDO driver. I was getting NO error messages at all.

I could connect and select data, but not modify it.

It wasn't until I added the following line:

$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);

after immediately opening the database, that I got a hint of what was happening.

filename: File3
dl_count: 100

( ! ) Warning: PDO::exec() [pdo.exec.html]: SQLSTATE[HY000]: General error: 8 attempt to write a readonly database in /www/htdocs/test/dl-counter/sqlite-readwrite-test.php on line 76
Call Stack
#
Time
Memory
Function
Location
1  0.0086  330120  {main}( )  ../sqlite-readwrite-test.php:0
  2  0.0273  331240  PDO->exec( )  ../sqlite-readwrite-test.php:76

Affected Rows: ''

filename: File3
dl_count: 100

The problem was with the file permissions. As root I could read and write the database from the sqlite3 command line monitor. But Apache was unable to write the database.

Changed the permissions to 755 wwwrun:wwrun and it all works OK!

Thanks again :)
up
-8
hungry dot rahly at gmail dot com
6 years ago
For those that want an exec that handles params like prepare/execute does.  You can simulate this with another function

<?php
class Real_PDO extends PDO {
  public function
execParams($sql, $params) {
   
$stm = $this->prepare($sql);
   
$result = false;
    if(
$stm && $stm->execute($params) ) {
     
$result = $stm->rowCount();
      while(
$stm->fetch(PDO::FETCH_ASSOC) ) {
      }
    }
    return
$result;
  }
}
?>

Remember though, if you are doing a lot of inserts, you'll want to do it the manual way, as the prepare statement will speed up when doing multiple executes(inserts).  I use this so I can place all my SQL statements in one place, and have auto safe quoting against sql-injections.

If you are wondering about the fetch after, remember some databases can return data SELECT-like data from REMOVE/INSERTS.  In the case of PostgreSQL, you can have it return you all records that were actually removed, or have the insert return the records after the insert/post field functions, and io trigger fire, to give you normalized data.

<?php
define
("BLAH_INSERT", "INSERT INTO blah (id,data) VALUES(?,?)");
$pdo = new Real_PDO("connect string");
$data = array("1", "2");
$pdo->execParams(BLAH_INSERT, $data);
?>
up
-7
jon at chem dot umass dot edu
10 years ago
If you do this:

<?php
$res
= $dbh->query("SELECT * FROM sessions                        WHERE session_id = '$p_sessID'");

$l_records = $res->fetch(PDO::FETCH_ASSOC);

if(
$l_records ) {
  
// ...update session-data
  
$l_theQuery = "UPDATE sessions SET session_expires='$newExp', session_data='$p_sessData' WHERE session_id='$p_sessID'";
   echo
$l_theQuery;
  
$l_stmt = $this->db->prepare($l_theQuery);

   if (
$l_stmt ) {
     
$l_rows = $l_stmt->execute();
   }
}
?>

You will get nothing.

But do this:

<?php
$dbh
->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
?>

Prior to the code above, you will get this:

"PDO::prepare(): SQLSTATE[HY000]: General error: 2014 Cannot execute queries while other unbuffered queries are active. Consider using PDOStatement::fetchAll(). Alternatively, if your code is only ever going to run against mysql, you may enable query buffering by setting the PDO::MYSQL_ATTR_USE_BUFFERED_QUERY attribute."

So, instead of fetch(), use fetchAll(), it will make you less insane.

Incidentally, the INSERT statement that I was issuing, if the record that I needed to update didn't yet exist, after the initial fetch() command worked perfectly.

Changing to fetchAll() fixed it.
To Top