Delicious Bookmark this on Delicious Share on Facebook SlashdotSlashdot It! Digg! Digg



PHP : Function Reference : PDO Functions : PDOStatement->bindParam()

PDOStatement->bindParam()

Binds a parameter to the specified variable name ()

Example 1771. Execute a prepared statement with named placeholders

<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
   FROM fruit
   WHERE calories < :calories AND colour = :colour'
);
$sth->bindParam(':calories', $calories, PDO::PARAM_INT);
$sth->bindParam(':colour', $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>

Example 1772. Execute a prepared statement with question mark placeholders

<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
   FROM fruit
   WHERE calories < ? AND colour = ?'
);
$sth->bindParam(1, $calories, PDO::PARAM_INT);
$sth->bindParam(2, $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>

Example 1773. Call a stored procedure with an INOUT parameter

<?php
/* Call a stored procedure with an INOUT parameter */
$colour = 'red';
$sth = $dbh->prepare('CALL puree_fruit(?)');
$sth->bindParam(1, $colour, PDO::PARAM_STR|PDO::PARAM_INPUT_OUTPUT, 12);
$sth->execute();
print(
"After pureeing fruit, the colour is: $colour");
?>

Code Examples / Notes » pdostatement_bindparam

m dot van dot urk

You can't bind a table name in the query.
So the following code isn't working:
$a = 'klanten';

$sQuery = "SELECT COUNT(*) FROM ? WHERE email = 'info@site.uk' AND wachtwoord = 'welcome'";
$rResult2 = $login->db->prepare($sQuery);


$rResult2->bindValue(1, $a);
$rResult2->execute();
}

catch (PDOException $e) {
die( $e-getMessage());
}

if ($rResult2->fetchColumn() == 0) {
echo 'false';
} else {
echo 'true';
}


jeffwa+php

Took me forever to find this elsewhere in the notes in the manual, so I'd thought I'd put this tidbit here to help others in the future.
When using a LIKE search in MySQL along with a prepared statement, the *value* must have the appropriate parentheses attached before the bindParam() statement as such:
<?php
$dbc = $GLOBALS['dbc'];
$sql = "SELECT * FROM `tbl_name` WHERE tbl_col LIKE ?";
$stmt = $dbc->prepare($sql);
$value = "%{$value}%";
$stmt->bindParam($i, $value, PDO::PARAM_STR);
?>
Trying to use
<?php
$stmt->bindParam($i, "%{$value}%", PDO::PARAM_STR);
?>
will fail.


willie

If you're using the MySQL driver and have a stored procedure with an OUT or INOUT parameter, you can't (currently) use bindValue(). See http://bugs.php.net/bug.php?id=35935 for a workaround.

xzilla

currently this is not supported in the PostgreSQL driver either, though AIUI this is supported in the PostgreSQL C API, so it could be added.

Change Language


Follow Navioo On Twitter
PDO->beginTransaction()
PDO->commit()
PDO->__construct()
PDO->errorCode()
PDO->errorInfo()
PDO->exec()
PDO->getAttribute()
PDO->getAvailableDrivers()
PDO->lastInsertId()
PDO->prepare()
PDO->query()
PDO->quote()
PDO->rollBack()
PDO->setAttribute()
PDOStatement->bindColumn()
PDOStatement->bindParam()
PDOStatement->bindValue()
PDOStatement->closeCursor()
PDOStatement->columnCount()
PDOStatement->errorCode()
PDOStatement->errorInfo()
PDOStatement->execute()
PDOStatement->fetch()
PDOStatement->fetchAll()
PDOStatement->fetchColumn()
PDOStatement->fetchObject()
PDOStatement->getAttribute()
PDOStatement->getColumnMeta()
PDOStatement->nextRowset()
PDOStatement->rowCount()
PDOStatement->setAttribute()
PDOStatement->setFetchMode()
eXTReMe Tracker