an alternative to stored procedures

I am having problems using stored procedures. Making call to a stored procedure is not working for me. So I replaced the stored procedure by an sql statement. But now, I have some stored procedures which receive parameters. for example

CREATE PROCEDURE get_category_details_proc(IN incat_id INT)
BEGIN 

SELECT name, desc 
FROM category
WHERE cat_id = incat_id;

END

How can I replace this by using simply sql statements?

Please see my previous question for more details.

I already have this function in my database connection class:

public static function GetRow($sqlQuery, $params = null, $fetchStyle = PDO::FETCH_ASSOC)
 {
  $result = null;
  try
  {
   $database_handler = self::GetHandler();
   $statement_handler = $database_handler->prepare($sqlQuery);
   $statement_handler->ex开发者_JS百科ecute($params);
   $result = $statement_handler->fetch($fetchStyle);

  }
  catch(PDOException $e)
  {
   self::Close();
   trigger_error($e->getMessage(), E_USER_ERROR);

  }
  return $result;


 }

And in another class where I am actually calling the stored procedures I have:

public static function GetCategoryDetails($categoryID)
 {
  $sql = CALL get_category_details_proc(:category_id);
              $params = array(':category_id' => $categoryID);
  return DatabaseHandler::GetRow($sql,$params);

 }

---

Use a Prepared statement like the following:

$pdo = new PDO(...);
$statement = $pdo->prepare('SELECT name, desc FROM category WHERE cat_id = ?');
$statement->execute(array(10)); // incat_id
$rows = $statement->fetchAll();

---

You could just build the query string with concatenation but as Rick mentions below make sure to cast/validate. Always sanitize all external inputs - use mysql_real_escape_string, or better still, prepared statements

$query = "select name, desc FROM category where cat_id = ".$incat_id;

Then pass that into the PHP mysql_query

$result=mysql_query($query);