
I wonder if the new system [ mysqli_prepare() & bind_param() ] has not removed part of the flexibility we used to have when coding. While trying to upgrade a full, well-working website to this new level (rewriting all the classes), I'm just facing some limits. How would the following code now be handled within bind_param() & mysqli_prepare()?

Code:

    $array = array(1,2,3); // this array is unlimited

    $sql = "  SELECT   price  FROM ".self::$table." WHERE name='X' ";
    foreach($array as $num):
        $sql .= " OR position='".$num."' ";
    endforeach;
    $sql .= "group by price";

How would this now be done inside?

    $stmt = mysqli_prepare($this->connection,$sql); // ???
    $stmt->bind_param(); // ???
alexis
  • Binding an arbitrary number of parameters has indeed become less convenient, but it's the price of security. To soften the pain, you may want to check [PDO, which is way more usable in this regard](https://phpdelusions.net/pdo/mysqli_comparison). – Your Common Sense Jun 24 '16 at 13:29
  • I understand, but PDO would be a new field to learn for me since I know nothing about it - I really love mysql (now mysqli) – alexis Jun 24 '16 at 13:36
  • Just read the link I posted and consider whether you really love mysqli. Not to mention that the syntax is almost identical. – Your Common Sense Jun 24 '16 at 13:43
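One way to handle the variable-length list with mysqli prepared statements, as an added example that is not part of the question or its comments: one "?" per value, and argument unpacking into bind_param(). It assumes an open mysqli connection `$conn` and takes the table name (self::$table in the question) as a parameter, since a table name cannot be bound.

```php
<?php
// Added example, not from the question or its comments. Builds a prepared
// statement for an arbitrary-length list of values with mysqli: one "?" per
// value, and argument unpacking (PHP 5.6+) into bind_param().
// Assumptions: $conn is an open mysqli connection and $table is the name the
// original keeps in self::$table; both are passed in as parameters here.

function fetchPricesByPositions(mysqli $conn, string $table, array $positions): array
{
    if ($positions === []) {
        return []; // "IN ()" is a syntax error, so handle the empty list up front
    }
    // A table name cannot be a bound parameter, so validate it against a strict pattern.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $table)) {
        throw new InvalidArgumentException("unsafe table name: $table");
    }
    // Exactly one placeholder per value; the counts must match or bind_param() fails.
    $placeholders = implode(',', array_fill(0, count($positions), '?'));
    // Same logic as the hand-built "OR position='...'" chain, expressed as an IN list.
    $sql = "SELECT price FROM `$table` WHERE name = ? OR position IN ($placeholders) GROUP BY price";

    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }
    // Type string: 's' for name, then one 'i' per position value.
    $types  = 's' . str_repeat('i', count($positions));
    $params = array_merge(['X'], array_values($positions));
    // bind_param() takes each value as its own argument, so unpack the array into it.
    $stmt->bind_param($types, ...$params);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    // bind_result()/fetch() works without the mysqlnd driver that get_result() needs.
    $stmt->bind_result($price);
    $prices = [];
    while ($stmt->fetch()) {
        $prices[] = $price;
    }
    $stmt->close();
    return $prices;
}

// Usage (constructed values): the list length no longer matters to the calling code.
// $prices = fetchPricesByPositions($conn, 'products', [1, 2, 3]);
```

The values never become part of the SQL text, so the query string is the same regardless of what the array contains; only the number of placeholders changes.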

0 Answers