mysqli bind method and call_user_func_array

Question

I have the following code:

    function insertrow($tablename,$record){
        $columns = $this->gettablecol($tablename);
        $types = $this->getbindtypestring($columns);    
        array_unshift($record, $types);                                             
        if(count($columns) && $types){              
            $query = 'INSERT INTO '.$tablename.' VALUES (?'.str_repeat(',?',count($columns)-1).')';
            if($stm = $this->linkid->prepare($query)){                  
                $res = call_user_func_array(array(&$stm,"bind_param"), $params);                    
                $stm->execute();                    
                print_r($stm);
                $stm->close();                                      
            }
        }
    }

The $record array looks like this:

    (
        [0] => sssisssssssssssi
        [recordid] => TEST1
        [recdate] => 2012-10-31 08:45:49
        [lastmod] => 2012-10-31 08:45:49
        [delflag] => 0
        [cusname] => Dilbert
        [address1] => 181 Somewhere
        [address2] => 
        [city] => St. Petersburg
        [state] => FL
        [zipcode] => 33713
        [telephone] => 8135551212
        [faxnumber] => 8135551313
        [webaddress] => 
        [taxid] => 260708780
        [pinnumber] => 12345
        [isactive] => 0 
)

But $stm tells me that there is no data:

mysqli_stmt Object
(
    [affected_rows] => 0
    [insert_id] => 0
    [num_rows] => 0
    [param_count] => 16
    [field_count] => 0
    [errno] => 2031
    [error] => No data supplied for parameters in prepared statement
    [sqlstate] => HY000
    [id] => 1
)

It appears that the $record array is somehow malformed. Any insight would be appreciated.

---

Hi Bill, thanks for the heads-up. I took your advice and switched API to PDO....I must admit I like how much easier it is to work with; however, my problem has not been solved. I changed my insertrow method to look like this:

    function insertrow($tablename,$record){         
        $this->connect();
        $columns = $this->gettablecol($tablename);      
        if(count($columns)){                
            $query = 'INSERT INTO '.$tablename.' VALUES (?'.str_repeat(',?',count($columns)-1).')';
            try{
                $stm = $this->linkid->prepare($query);                  
                $stm->execute($record);
            }catch(PDOException $e){
                $this->errormsg = $e.getMessage();
                $this.errhandler();
                exit();
            }           
        }
    }

Where record looks like this:

Array
(
    [recordid] => TEST1
    [recdate] => 2012-11-01 09:12:50
    [lastmod] => 2012-11-01 09:12:50
    [delflag] => 0
    [cusname] => Dilbert
    [address1] => 181 Somewhere
    [address2] => 
    [city] => St. Petersburg
    [state] => FL
    [zipcode] => 33713
    [telephone] => 8135551212
    [faxnumber] => 8135551313
    [webaddress] => 
    [taxid] => 260708780
    [pinnumber] => 12345
    [isactive] => 0
)

I even copied the values of $record into a new array:

$newrec = array();
foreach($record as $row){
   $newrec = $row;
}

It looked like this:

 Array
(
    [0] => TEST1
    [1] => 2012-11-01 09:01:32
    [2] => 2012-11-01 09:01:32
    [3] => 0
    [4] => Dilbert
    [5] => 181 Somewhere
    [6] => 
    [7] => St. Petersburg
    [8] => FL
    [9] => 33713
    [10] => 8135551212
    [11] => 8135551313
    [12] => 
    [13] => 260708780
    [14] => 12345
    [15] => 0
)

And passed it to $stm->execute($newrec) but it did not work and threw no exception. Anything else I can look at?

At this point I have removed passing the $record array and just hardcoded the values:

$stm->execute(array('TEST2','2012-10-10 00:00:00','2012-10-10 00:00:00',0,'1','2','3','4','5','6','7','8','9','0','11',0));

I am still not getting a record inserted into the table even though both prepare and execute come back true.

Is it necessary for me to bind the parameters to their specific data types?

Answer 1

The difficulty of using bind_param is why I dislike using Mysqli when developing a reusable database access layer. It can be done, but PHP's references make it unnecessarily arcane.

For a solution, see my answer in mysqli_prepare vs PDO

Basically, the array you pass must be an array of references, not an array of scalars.

I found that using PDO is much easier when developing a DBAL. You don't have to bind anything. You just pass the array to PDOStatement::execute().

---

Re your edit:

I'm that PDO was helpful to you. But that may not have been the root cause of your original problem after all. Apologies if my suggestion was a wild goose chase. But at least now you're using PDO, so this has been a character-building experience. :-)

Two things I noticed in your code, but I'm not sure if these are problems:

You add a number of parameter placeholders based on the count of the $columns array, but how do you know this is the same count as the $record array? If you have a mismatch between the number of parameter placeholders and the number of values you supply to execute(), then it's an error.

You should check:

if (count($columns) != count($record)) { 
  // report error
}

Or alternatively, you could make sure to include only columns mentioned as keys in your $record array:

$columns_to_insert = array_intersect($columns, array_keys($record));

By the way (this is not an error, just a tip), I'd generate the sequence of parameter placeholders like this, just to avoid the string concatenation and risk of off-by-one errors:

join(",", array_fill(0, count($record), "?"))

The other thing I noticed is that you don't check the return value of execute(). If it returns false then there's an error and you should investigate the nature of the error.

You're catching exceptions, but the default mode of PDO is not to throw exceptions, but just set the return value of functions to indicate errors. You can use it in that manner, or else you have to explicitly enable the exception-throwing mode:

$this->linkid->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

That setting is global for the duration of the PDO connection; you don't have to do it every time you insert a row.