PDO Prepared Statement Issue

Question

I have this prepared Statment:

$stmt = $dbh->prepare("select * from t where name like :name ");

Binding like this works:

$p = "%glas%";
$stmt->bindParam(':name', $p );

If I put in the term direktly, it fails:

$stmt->bindParam(':name', "%glas%" );

What´s the difference?

For that, there's [`bindValue()`](http://us3.php.net/manual/en/pdostatement.bindvalue.php) — Michael Berkowski, Jan 02 '14 at 21:36
See also http://stackoverflow.com/questions/1179874/pdo-bindparam-versus-bindvalue — Michael Berkowski, Jan 02 '14 at 21:37
You can also simply pass an array of values to execute(), and this works for both lvalue variables and constant values. I'm always puzzled why people seem to think they need to bindParam() or bindValue() with PDO. — Bill Karwin, Jan 02 '14 at 22:26

Jeremy Harris · Accepted Answer · 2014-01-02T21:41:56.150

If you look at the method definition for bindParam:

public bool PDOStatement::bindParam ( mixed $parameter , mixed &$variable [, int $data_type = PDO::PARAM_STR [, int $length [, mixed $driver_options ]]] )

You will notice it expects mixed &$variable meaning it needs an address. When you pass a literal string, it is not stored with an address the way a conventional variable is.

The reason for the address requirement is also discussed in the documentation:

Unlike PDOStatement::bindValue(), the variable is bound as a reference and will only be evaluated at the time that PDOStatement::execute() is called.

PDO Prepared Statement Issue

1 Answers1