PHP pdo update, which one is better?

[colap]

$sql = "UPDATE books 
        SET title=?, author=?
		WHERE id=?";
$q = $conn->prepare($sql);
$q->execute(array($title,$author,$id));

UPDATE `access_users` 
SET `contact_first_name` = :firstname,
`contact_surname` = :surname,
`contact_email` = :email,
`telephone` = :telephone 
WHERE `user_id` = :user_id

Which one is better to follow and why is that better?

[requinix]

You mean which style is better, quotation marks or named placeholders? There's no difference technically, but if you use named placeholders then it's easier to make sure your variables are lined up correctly and less risk of accidentally putting variables in the wrong place.

[racken]

It doesn't matter at all personally i use the placeholder names as if you dynamically create the queries its much less likely something will go wrong

[Strider64]

What I do is use placeholder names then try to keep everything constant (prepared statements, variables and what have you).

 

for example

$query = "UPDATE users SET username=:username WHERE id=:id";
$stmt = $pdo->prepare($query);
$result = $stmt->execute([':username' => $_POST['username'], ':id' => $_POST['id']]); 

That way is easier to spot a syntax error easier in my opinion. 

Edited August 8, 2015 by Strider64

[scootstah]

I really see no reason to use ? placeholders. It makes it hard to read and on more complicated queries it just becomes a headache very fast.