PHP : Function Reference : PDO Functions : PDOStatement->bindParam()
PDOStatement {
bool bindParam(mixed parameter, mixed variable, int data_type, int length, mixed driver_options); }
Binds a PHP variable to a corresponding named or question mark placeholder
in the SQL statement that was used to prepare the statement. Unlike
PDOStatement->bindValue(), the variable is bound as a
reference and will only be evaluated at the time that
PDOStatement->execute() is called.
Most parameters are input parameters, that is, parameters that are used
in a read-only fashion to build up the query. Some drivers support the
invocation of stored procedures that return data as output parameters,
and some also as input/output parameters that both send in data and are
updated to receive it.
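The reference semantics described above, shown in an added example that is not part of the manual page: one bound INSERT statement is executed repeatedly over a few constructed rows without rebinding, and the same SELECT is then run once through bindValue() and once through bindParam() to show which value each sees at execute() time. It assumes the pdo_sqlite driver is available; the in-memory database, the fruit table, its rows and the namesFrom() helper are constructed for this example.

```php
<?php
// Added example (not from the PHP manual): bindParam() binds by reference and
// reads the variable only when execute() runs, so one prepared statement can
// be executed repeatedly with new values; bindValue() copies the value at
// bind time. The in-memory SQLite database and the fruit rows are constructed
// here so the script runs offline.
declare(strict_types=1);

$dbh = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$dbh->exec('CREATE TABLE fruit (name TEXT, colour TEXT, calories INTEGER)');

$ins = $dbh->prepare(
    'INSERT INTO fruit (name, colour, calories) VALUES (:name, :colour, :calories)'
);

// Bind each placeholder once; the binding is a reference to the variable.
$name = '';
$colour = '';
$calories = 0;
$ins->bindParam(':name', $name, PDO::PARAM_STR);
$ins->bindParam(':colour', $colour, PDO::PARAM_STR);
$ins->bindParam(':calories', $calories, PDO::PARAM_INT);

// Constructed sample rows: assign to the bound variables and call execute()
// again, with no rebinding.
$rows = [['apple', 'red', 95], ['banana', 'yellow', 105], ['lime', 'green', 20]];
foreach ($rows as [$name, $colour, $calories]) {
    $ins->execute();
}

// Helper (constructed for this example): run the statement and join the names.
function namesFrom(PDOStatement $sth): string
{
    $sth->execute();
    return implode(',', $sth->fetchAll(PDO::FETCH_COLUMN));
}

$sql = 'SELECT name FROM fruit WHERE calories < :limit ORDER BY name';

// bindValue() copies 100 when it is called, so the later assignment of 30
// is not seen by execute().
$limit = 100;
$byValue = $dbh->prepare($sql);
$byValue->bindValue(':limit', $limit, PDO::PARAM_INT);
$limit = 30;
echo 'bindValue (uses limit 100): ', namesFrom($byValue), "\n";

// bindParam() keeps a reference to $limit, so execute() reads the current
// value, 30.
$limit = 100;
$byRef = $dbh->prepare($sql);
$byRef->bindParam(':limit', $limit, PDO::PARAM_INT);
$limit = 30;
echo 'bindParam (uses limit 30): ', namesFrom($byRef), "\n";
```

The practical consequence is the one the manual text states: with bindParam() the variable must still hold the intended value when execute() runs, so a loop that reassigns the variable between calls works, while reusing a variable for something else before execute() silently changes what is sent.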
Parameters
- parameter
Parameter identifier. For a prepared statement using named
placeholders, this will be a parameter name of the form
:name. For a prepared statement using
question mark placeholders, this will be the 1-indexed position of
the parameter.
- variable
Name of the PHP variable to bind to the SQL statement parameter.
- data_type
Explicit data type for the parameter using the PDO::PARAM_*
constants.
Defaults to PHP native type.
To return an INOUT parameter from a stored procedure,
use the bitwise OR operator to set the PDO::PARAM_INPUT_OUTPUT bits
for the data_type parameter.
- length
Length of the data type. To indicate that a parameter is an OUT
parameter from a stored procedure, you must explicitly set the
length.
- driver_options
Return Values
Returns TRUE on success or FALSE on failure.
Examples
Example 1771. Execute a prepared statement with named placeholders
<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
    FROM fruit
    WHERE calories < :calories AND colour = :colour');
$sth->bindParam(':calories', $calories, PDO::PARAM_INT);
$sth->bindParam(':colour', $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>
Example 1772. Execute a prepared statement with question mark placeholders
<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
    FROM fruit
    WHERE calories < ? AND colour = ?');
$sth->bindParam(1, $calories, PDO::PARAM_INT);
$sth->bindParam(2, $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>
Example 1773. Call a stored procedure with an INOUT parameter
<?php
/* Call a stored procedure with an INOUT parameter */
$colour = 'red';
$sth = $dbh->prepare('CALL puree_fruit(?)');
$sth->bindParam(1, $colour, PDO::PARAM_STR|PDO::PARAM_INPUT_OUTPUT, 12);
$sth->execute();
print("After pureeing fruit, the colour is: $colour");
?>
m dot van dot urk
You can't bind a table name in the query.
So the following code isn't working:
try {
    $a = 'klanten';
    // The placeholder stands where a table name is expected; this is what fails.
    $sQuery = "SELECT COUNT(*) FROM ? WHERE email = 'info@site.uk' AND wachtwoord = 'welcome'";
    $rResult2 = $login->db->prepare($sQuery);
    $rResult2->bindValue(1, $a);
    $rResult2->execute();
}
catch (PDOException $e) {
    die($e->getMessage());
}
if ($rResult2->fetchColumn() == 0) {
    echo 'false';
} else {
    echo 'true';
}
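A placeholder can carry only a value, never a table or column name, which is why the note's query fails. The following is an added example, not part of the note or the manual, of the usual way to handle an identifier chosen at runtime: check it against a fixed allow-list, write it into the SQL text, and keep the user-supplied values bound. It assumes pdo_sqlite; the table names in ALLOWED_TABLES, the countByEmail() helper, the klanten table and its one row are constructed for the example. Double-quoted identifiers are used because SQLite and PostgreSQL accept them (MySQL uses backticks unless ANSI_QUOTES is set).

```php
<?php
// Added example, not part of the user note above: a placeholder can only carry
// a value, never a table or column name, so an identifier chosen at runtime is
// checked against a fixed allow-list and then written into the SQL text, while
// the user-supplied value stays bound. The in-memory SQLite database, the
// hypothetical table names and the one row are constructed here.
declare(strict_types=1);

const ALLOWED_TABLES = ['klanten', 'medewerkers'];   // hypothetical names

function countByEmail(PDO $dbh, string $table, string $email): int
{
    // Reject anything not in the allow-list before it reaches the SQL text.
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('table not allowed: ' . $table);
    }
    // The identifier is quoted into the statement text (double quotes work in
    // SQLite and PostgreSQL; MySQL uses backticks). The email is still bound.
    $sth = $dbh->prepare(sprintf(
        'SELECT COUNT(*) FROM "%s" WHERE email = :email', $table
    ));
    $sth->bindParam(':email', $email, PDO::PARAM_STR);
    $sth->execute();
    return (int) $sth->fetchColumn();
}

$dbh = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$dbh->exec('CREATE TABLE klanten (email TEXT, wachtwoord TEXT)');
$dbh->exec("INSERT INTO klanten VALUES ('info@site.uk', 'welcome')");

echo 'rows in klanten for info@site.uk: ', countByEmail($dbh, 'klanten', 'info@site.uk'), "\n";

// Anything outside the allow-list, including SQL smuggled into the identifier
// position, is rejected before prepare() is ever called.
try {
    countByEmail($dbh, 'klanten" UNION SELECT 1 --', 'info@site.uk');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// What the note tries: a placeholder in the table-name position. The driver
// treats "?" as a value, so the statement is not valid SQL and PDO reports an
// error instead of querying the klanten table.
try {
    $table = 'klanten';
    $bad = $dbh->prepare('SELECT COUNT(*) FROM ? WHERE email = ?');
    $bad->bindParam(1, $table, PDO::PARAM_STR);
    $bad->bindValue(2, 'info@site.uk', PDO::PARAM_STR);
    $bad->execute();
} catch (PDOException $e) {
    echo 'binding the table name failed: ', $e->getMessage(), "\n";
}
```

The allow-list is the control; the quoting is only there so a legitimate name that happens to be a reserved word still parses. Never build the identifier from user input by escaping alone, since identifier quoting rules differ by driver and by server mode.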
jeffwa+php
Took me forever to find this elsewhere in the notes in the manual, so I thought I'd put this tidbit here to help others in the future.
When using a LIKE search in MySQL along with a prepared statement, the *value* must have the appropriate parentheses attached before the bindParam() statement as such:
<?php
$dbc = $GLOBALS['dbc'];
$sql = "SELECT * FROM `tbl_name` WHERE tbl_col LIKE ?";
$stmt = $dbc->prepare($sql);
// $value holds the search term; the wildcards are added to the variable itself
$value = "%{$value}%";
// the single ? placeholder is position 1
$stmt->bindParam(1, $value, PDO::PARAM_STR);
?>
Trying to use
<?php
// bindParam() takes a reference, so an expression cannot be passed here
$stmt->bindParam(1, "%{$value}%", PDO::PARAM_STR);
?>
will fail.
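Wrapping the value in '%' before binding it keeps the query safe from SQL injection, but a '%' or '_' typed by the user is still a LIKE wildcard, so an input of "%" matches every row. The following added example, not part of the note, escapes those characters with an ESCAPE clause before the surrounding '%' are added, and runs the same search with and without the escaping for comparison. It assumes pdo_sqlite; escapeLike(), searchNames(), the products table and its rows are constructed for the example. The escape character '!' is used instead of a backslash because it needs no further escaping inside SQLite, MySQL or PostgreSQL string literals.

```php
<?php
// Added example, not part of the user note above. Binding "%{$value}%" is safe
// against SQL injection, but '%' and '_' inside the user's value are still
// LIKE wildcards. escapeLike() neutralises them with an ESCAPE clause before
// the surrounding '%' are added. The in-memory SQLite database, the products
// table and its rows are constructed here; the helpers are hypothetical.
declare(strict_types=1);

function escapeLike(string $value, string $esc = '!'): string
{
    // strtr() makes a single pass, so the escape character itself, '%' and
    // '_' are each escaped exactly once.
    return strtr($value, [$esc => $esc . $esc, '%' => $esc . '%', '_' => $esc . '_']);
}

function searchNames(PDO $dbh, string $needle, bool $escape): array
{
    // Build the pattern in a variable first, as the note says: bindParam()
    // needs a reference, not an expression.
    $pattern = '%' . ($escape ? escapeLike($needle) : $needle) . '%';
    $sql = 'SELECT name FROM products WHERE name LIKE :pattern ORDER BY name';
    if ($escape) {
        $sql .= " ESCAPE '!'";
    }
    $stmt = $dbh->prepare($sql);
    $stmt->bindParam(':pattern', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$dbh = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$dbh->exec('CREATE TABLE products (name TEXT)');
$ins = $dbh->prepare('INSERT INTO products (name) VALUES (:name)');
$name = '';
$ins->bindParam(':name', $name, PDO::PARAM_STR);
foreach (['widget', 'gadget', 'wid_get', '100% cotton'] as $name) {
    $ins->execute();
}

// A user searching for a literal underscore or percent sign: without escaping
// the raw pattern is a wildcard, with escaping it is the literal character.
foreach (['_', '%'] as $needle) {
    printf("%-2s raw:     %s\n", $needle, implode(',', searchNames($dbh, $needle, false)));
    printf("%-2s escaped: %s\n", $needle, implode(',', searchNames($dbh, $needle, true)));
}
```

The raw search for "_" or "%" returns every product because the characters act as wildcards inside the bound pattern; the escaped search only returns the rows that actually contain the character. Pick one escape character for the whole code base and always pair escapeLike() with the matching ESCAPE clause, otherwise the escape sequences themselves become literal text.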
willie
If you're using the MySQL driver and have a stored procedure with an OUT or INOUT parameter, you can't (currently) use bindValue(). See http://bugs.php.net/bug.php?id=35935 for a workaround.
xzilla
currently this is not supported in the PostgreSQL driver either, though AIUI this is supported in the PostgreSQL C API, so it could be added.