
Hello, this is my first post here, so if I'm doing something wrong in my question, I will try to fix it.

So anyway, I'm trying to add some security to a database interface class and its functions. The error I am getting is: `Warning: mysqli_stmt_bind_param(): Invalid type or no types specified in "blah blah" line 46`, which I will mark below.

```php
public function RunSql($Sql, $BindVars) {
    $con = DataBase::ConDataBase(); // setting up connection

    $type = DataBase::MakeTypes($BindVars);// make type string to send to bind_param.

    $result = DataBase::ReturnData($Sql, $BindVars, $type);

    if (!$result) {
        printf("Error: %s\n", mysqli_error($con));
        exit();
    }
    $_SESSION['connection'] = $con;
    return $result;
}
```

This is my second step; it sends the array and SQL to the DB using mysqli functions.

```php
public function ReturnData($Sql, $BindVars, $type) {

    $con = DataBase::ConDataBase();// connecting to DB again
    $stmt = $con->prepare($Sql);

    $sql_stmt = mysqli_prepare($con, $Sql);
```

These two are what I have been trying to learn about. They are supposed to do the same thing, but I can't seem to get either working.

```php
    call_user_func_array('mysqli_stmt_bind_param', array_merge(array($sql_stmt, $type), DataBase::refValues($BindVars)));
    //call_user_func_array(array($sql_stmt, $type), DataBase::refValues($BindVars));
```

These are the erroring lines, and I am lost.

```php
    mysqli_stmt_execute($sql_stmt);

    $stmt->store_result();
    $result = $stmt->get_result();

    return $result;
}
```

This takes and iterates through the array of values to use in the SQL and builds the `$type` string that `bind_param` needs.

```php
public function MakeTypes($BindVars) {
    $type = "";
    foreach ($BindVars as $value) {
        $type .= substr(gettype($value), 0, 1);
    }
    //echo $type;
}
```

I'm not sure what this does; it came from an answer on here... and I can't seem to find it right now.

```php
public function refValues($arr) {
    $refs = array();

    foreach ($arr as $key => $value) {
        $refs[$key] = &$arr[$key];
    }

    return $refs;
}
```

I am sorry for the long flood of code, but I think it might all be relevant to whoever can help me get this working.

Best of luck and thank you for your time.

  • http://stackoverflow.com/a/17874410/285587 – Your Common Sense May 07 '14 at 19:20
  • Can you explain these lines?: `$in = str_repeat("?,", count($values)); $in = trim($in, ","); $sql = "SELECT * from users where username in($in)";` – WhiteShadow May 07 '14 at 19:31
  • If you have your query ready, you don't need this part. You need only the binding part. – Your Common Sense May 07 '14 at 19:39
  • Why use `call_user_func_array`? Are you trying to make an ORM / DAO? – Logan Murphy May 07 '14 at 19:43
  • Thank you for the help Your Common Sense, I am working on adapting my code. I'll let you know if it works. – WhiteShadow May 07 '14 at 19:54
  • `Warning: mysqli_stmt::bind_param(): Invalid type or no types specified in` this line `call_user_func_array(array($stm, 'bind_param'), $bind);` @YourCommonSense Common Sense what am I missing? How are types tied to the `array_unshift($bind, $type);`? – WhiteShadow May 07 '14 at 20:25
  • @LoganMurphy Well if you can provide me with a simple implementation I am more than willing to give it a go. – WhiteShadow May 07 '14 at 20:35
  • @WhiteShadow What I am asking is why don't you just call it like so `mysqli_stmt_bind_param($stmt, "i", $integer);`. Why do you have to use reflection? It is alright to do it with reflection if you are making your own ORM/DAO but I would have an alternative suggestion if that was indeed your goal. Also, what libraries are you using that allow you to use `DataBase`? – Logan Murphy May 07 '14 at 20:45
  • By the way you will not get reflection to work with `mysqli_stmt_bind_param` because it requires you to bind variables but you are binding indices of an array which does not work. Which is why I am asking these questions. Trust me I tried everything. But I did find a workaround. – Logan Murphy May 07 '14 at 20:49
  • @LoganMurphy To be quaint, I'm barely understanding what I'm working with on the `$stmt` functions. The whole reason for this class (after reading up on what you said) is to make a DAO. But I'm trying to prevent injections and that manner of nastiness. I'm open to learn both sides. And make my own methods if needed. – WhiteShadow May 07 '14 at 20:53
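
An added example, not part of the original question or its comments: one way to bind a variable-length parameter list to a single mysqli prepared statement, so that user-supplied values never become part of the SQL text. It returns the type string from the helper (the posted `MakeTypes()` builds `$type` but has no `return`, so `bind_param` is handed no types) and prepares, binds and executes the same statement object. The names `bindTypes` and `runSql`, the credentials and the table are hypothetical; PHP 7+ with mysqlnd is assumed.

```php
<?php
// Added example, not the poster's code. bindTypes() and runSql() are hypothetical names.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw mysqli_sql_exception

/** Build the bind_param() type string: i = integer, d = double, s = string. */
function bindTypes(array $params): string
{
    $types = '';
    foreach ($params as $value) {
        if (is_int($value) || is_bool($value)) {
            $types .= 'i';   // first letter of gettype() would be 'b', which mysqli reads as blob
        } elseif (is_float($value)) {
            $types .= 'd';
        } elseif (is_string($value) || $value === null) {
            $types .= 's';   // a null variable is sent as SQL NULL whatever the letter
        } else {
            throw new InvalidArgumentException('Cannot bind ' . gettype($value));
        }
    }
    return $types;           // without this return the caller receives null
}

/** Prepare, bind and execute ONE statement on ONE connection. */
function runSql(mysqli $con, string $sql, array $params = [])
{
    $stmt   = $con->prepare($sql);   // only placeholders (?) in $sql, never concatenated input
    $values = array_values($params);
    if ($values) {
        // Argument unpacking (PHP 5.6+) passes each element by reference.
        $stmt->bind_param(bindTypes($values), ...$values);
    }
    $stmt->execute();
    $result = $stmt->get_result();   // false for INSERT/UPDATE/DELETE
    return $result === false ? $stmt->affected_rows : $result->fetch_all(MYSQLI_ASSOC);
}

// Offline check of the type string, using constructed values.
var_dump(bindTypes(['alice', 42, 3.5, true, null]));

// Usage against a live server (credentials and table are placeholders):
// $con  = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
// $rows = runSql($con, 'SELECT * FROM users WHERE username = ? AND age > ?', ['alice', 18]);
```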
