PHP PDO placeholders are replaced with the same values

Question

PHP PDO show some inexplicable behaviour. The parameter placeholders are replaced with the same values.

$query

UPDATE `newsletters` SET `title` = :title , `scheduled` = :scheduled , `modified` = :modified WHERE `id` = :id

$parameter

Array
(
    [:title] => New Newsletter22
    [:scheduled] => 2013-04-15 21:47:00
    [:modified] => 2013-04-15 21:47:51
    [:id] => 35
)

The Function

public  static function execute($query=null,$parameters=array())
{
    global $dbnew;

    $statement= $dbnew->prepare($query);


        foreach($parameters as $k=>$v){
            if(is_array($v)){
                $statement->bindParam($k, $v[0],$v[1]);
            }else{
                $statement->bindParam($k, $v);
            }
        }


    $statement->execute();
    return $statement;
}

Executed query

1132 Query  UPDATE `newsletters` SET `title` = '35' , `scheduled` = '35' , `modified` = '35' WHERE `id` = '35'

Answer 1

The bindParam method binds a reference to a variable, rather than the value of the variable.

Your foreach loop updates the value of $v upon each iteration.

Since bindParam doesn't bind values until you actually execute the query, the value of all bound parameters in your example will be the same. They will all be bound to the value of $v from your last loop iteration.

Use bindValue to bind the actual value of the variable rather than a reference.

$statement->bindValue($k, $v);

From php.net documentation:

bool PDOStatement::bindParam
Binds a PHP variable to a corresponding named or question mark placeholder in the SQL statement that was used to prepare the statement. Unlike PDOStatement::bindValue(), the variable is bound as a reference and will only be evaluated at the time that PDOStatement::execute() is called.