mysqli_prepare vs PDO

Question

BACKGROUND

I\'m trying to write a function query

query(\'type\', \'parameters\', \'bind_types\')

which I can call

Answer 1

Yes, writing a generic bind-this-array-into-a-query in Mysqli is a royal PITA. I eventually got it to work when I was coding Zend Framework's mysqli adapter, but it took a lot of work. You're welcome to take a look at the code. I see one chief difference, here's how I did the refs:

$stmtParams = array();
foreach ($params as $k => &$value) {
    $stmtParams[$k] = &$value;
}
call_user_func_array(
    array($this->_stmt, 'bind_param'), // mysqli OO callback
    $stmtParams
);

This is slightly different than yours. I wonder if in your code the ref operator & binds more tightly than the array index [] operator.

Note I also had to use the ref operator both in the foreach and in the assignment. I never quite understood why, but this was the only way it would work. PHP refs are pretty mysterious and hard to understand.

This may not be a viable suggestion if you're stuck with an environment that has Mysqli enabled but not PDO, but you should really consider using PDO instead. PDO takes care of a lot of that work for you; you can simply pass an array of values to PDOStatement::execute() for a prepared query with parameters. For me, it was far easier to use PDO for this particular use than mysqli.

$pdoStmt->execute( array('joe@gmail.com','Password') );  // it's that easy

P.S.: I hope you're not storing passwords in plaintext.