PHP + MYSQLI: Variable parameter/result binding with prepared statements

Question

In a project that I\'m about to wrap up, I\'ve written and implemented an object-relational mapping solution for PHP. Before the doubters and dreamers cry out \"how on earth

Answer 1

I am not allowed to edit, but I believe in the code

call_user_func_array(array(&$stmt, 'bindparams'), $array_of_params);

The reference in front of $stmt is not necessary. Since $stmt is the object and bindparams is the method in that object, the reference is not necessary. It should be:

call_user_func_array(array($stmt, 'bindparams'), $array_of_params);

For more information, see the PHP manual on Callback Functions."

Answer 2

The more modern way to bind parameters dynamically is via the splat/spread operator (...).

Assuming:

• you have a non-empty array of values to bind to your query and
• your array values are suitably processed as string type values in the context of the query and
• your input array is called $values

Code for PHP5.6 and higher:

$stmt->bind_param(str_repeat('s', count($values)), ...$values); 

Answer 3

call_user_func_array(array(&$stmt, 'bindparams'), $array_of_params);

Didn't work for me in my environment but this answer set me on the right track. What actually worked was:

$sitesql = '';
$array_of_params = array();
foreach($_POST['multiselect'] as $value){
    if($sitesql!=''){
        $sitesql .= "OR siteID=? ";
        $array_of_params[0] .= 'i';
        $array_of_params[] = $value;
    }else{
        $sitesql = " siteID=? ";
        $array_of_params[0] .= 'i';
        $array_of_params[] = $value;
    }
}

$stmt = $linki->prepare("SELECT IFNULL(SUM(hours),0) FROM table WHERE ".$sitesql." AND week!='0000-00-00'");
call_user_func_array(array(&$stmt, 'bind_param'), $array_of_params);
$stmt->execute();

Answer 4

You've got to make sure that $array_of_params is array of links to variables, not values themselves. Should be:

$array_of_params[0] = &$param_string; //link to variable that stores types

And then...

$param_string .= "i";
$user_id_var = $_GET['user_id'];//
$array_of_params[] = &$user_id_var; //link to variable that stores value

Otherwise (if it is array of values) you'll get:

PHP Warning: Parameter 2 to mysqli_stmt::bind_param() expected to be a reference

---

One more example:

$bind_names[] = implode($types); //putting types of parameters in a string
for ($i = 0; $i < count($params); $i++)
{
   $bind_name = 'bind'.$i; //generate a name for variable bind1, bind2, bind3...
   $$bind_name = $params[$i]; //create a variable with this name and put value in it
   $bind_names[] = & $$bind_name; //put a link to this variable in array
}

and BOOOOOM:

call_user_func_array( array ($stmt, 'bind_param'), $bind_names); 

Answer 5

In PHP you can pass a variable number of arguments to a function or method by using call_user_func_array. An example for a method would be:

call_user_func_array(array(&$stmt, 'bindparams'), $array_of_params);

The function will be called with each member in the array passed as its own argument.