Stack Overflow
Stack Overflow

Questions tagged [bindparam]

In PHP, binds a variable to a corresponding named or question mark parameter in the SQL statement that was used to prepare the statement.

Binds a PHP variable to a corresponding named or question mark parameter in the SQL statement that was used to prepare the statement. Unlike PDOStatement::bindValue(), the variable is bound as a reference and will only be evaluated at the time that PDOStatement::execute() is called. 

public bool PDOStatement::bindParam ( mixed $parameter , mixed &$variable [, int $data_type = PDO::PARAM_STR [, int $length [, mixed $driver_options ]]] )

Reference

PHP Documentation

267 questions
423
votes
7 answers

What is the difference between bindParam and bindValue?

What is the difference between PDOStatement::bindParam() and PDOStatement::bindValue()?
koen
  • 13,349
  • 10
  • 46
  • 51
34
votes
7 answers

How can I bind an array of strings with a mysqli prepared statement?

I need to bind an array of values to WHERE IN(?) clause. How can I do that? This works: $mysqli = new mysqli("localhost", "root", "root", "db"); if(!$mysqli || $mysqli->connect_errno) { return; } $query_str = "SELECT name FROM table WHERE city…
Mark
  • 2,666
  • 3
  • 25
  • 29
33
votes
1 answer

How to prepare statement for update query?

I have a mysqli query with the following code: $db_usag->query("UPDATE Applicant SET phone_number ='$phone_number', street_name='$street_name', city='$city', county='$county', zip_code='$zip_code', day_date='$day_date', month_date='$month_date', …
Michael
  • 6,377
  • 14
  • 59
  • 91
20
votes
7 answers

How to bind LIKE values using the PDO extension?

In this query select wrd from tablename WHERE wrd LIKE '$partial%' I'm trying to bind the variable '$partial%' with PDO. Not sure how this works with the % at the end. Would it be select wrd from tablename WHERE wrd LIKE ':partial%' where…
dmontain
  • 1,621
  • 4
  • 14
  • 16
14
votes
2 answers

What does bind_param accomplish?

I'm learning about avoiding SQL injections and I'm a bit confused. When using bind_param, I don't understand the purpose. On the manual page, I found this example: $stmt = mysqli_prepare($link, "INSERT INTO CountryLanguage VALUES (?, ?, ?,…
EveyPortman
  • 394
  • 2
  • 4
  • 17
12
votes
2 answers

Confusion between bindValue() and bindParam()?

I am confuse between these two functions Bindvalue() and BindParam() I read on php.net it does not escape % and _, so be careful when using LIKE. So i think BindValue() is not used when we are using LIKE query. when we using LIKE query BindParam()…
Arun Pratap Singh
  • 395
  • 2
  • 4
  • 12
11
votes
3 answers

bind_param problem with binding boolean values

I have a problem binding booleans using mysqli_stmt::bind_param in PHP5. The SQL query is the following: insert into `nvp_notes` (subject,messageid,receivedate,read) values (?,?,?,?) Where 'read' is a tinyint, either 0 or 1, as I've had issues with…
ian
10
votes
1 answer

Bind multiple parameters into mysqli query

Right now I need to use the following structure to cope with binding multiple parameters into a mysqli query: if ($words_total == 1) { $statement -> bind_param("s", $words[0]); } else if ($words_total == 2) { $statement -> bind_param("ss",…
Amy Neville
  • 10,067
  • 13
  • 58
  • 94
9
votes
2 answers

What exactly does first parameter in bind_param() do?

I am trying to understand prepared statements using PHP and mysqli. I tried to read on some tutorials, manual and this one: Bind_Param in PHP, but I have not yet found any satisfying answer. Someone wrote in answer as: When you prepare an SQL…
Krupal Shah
  • 8,949
  • 11
  • 57
  • 93
9
votes
1 answer

Is it possible to use bind_param for ORDER BY?

In my mind I have a query that goes something like this: $sort = isset($sort) ? sanitize($_sort) : 'id'; if ($result = $link->prepare(" SELECT id, price FROM items ORDER BY ? ")) { $result->bind_param("s", $sort); …
Craig van Tonder
  • 7,497
  • 18
  • 64
  • 109
8
votes
1 answer

What does bind_param() do?

$resultSpendStmt = $connection->prepare(...); $array->bind_param("sdidi", $A, $B, $C, $D, $E); $array->execute(); $array->store_result(); $array->bind_result($F, $G, $H, $I, $J, $K); I am still a little unsure what bind_param does. Can someone give…
cool_cs
  • 1,661
  • 6
  • 20
  • 26
7
votes
3 answers

Insert NULL instead of empty string with PDO

I have a table which has some nullable fields and when the user enters nothing into the HTML form field, I want to insert NULL into that field, not an empty string (this is important as some of my SELECTs on these tables later use conditions such as…
Alpaus
  • 646
  • 1
  • 7
  • 21
7
votes
2 answers

How to use mysqli::bind_param with an array as the second parameter

This query is supposed to insert a new user into the 'users' table $user = DB::getInstance()->insert('users', array( 'username' => 'jim', 'password' => 'pass', 'salt' => 'salt' ) ); Corresponding insert() public…
qb1234
  • 155
  • 2
  • 14
6
votes
1 answer

mysqli prepared statements, insert NULL using bind params

Does anyone know if it is possible to insert NULL into a column with MYSQLI bind_param. I have a situation where sometimes I want to set a column to null in bind_param. Like so... $column2 = "NULL"; $insert_data->bind_param('ss',…
Columbo
  • 2,896
  • 7
  • 44
  • 54
6
votes
3 answers

multiple calls to $stmt->bind_param

I'm in a situation where I want to build a code which gets $bindParam variable in this format: $bindParams = [$type1 => $param1, $type2 => $param2, ... ] I wanna build some code that dynamically adds that parameters to the prepared statement. This…
Amir Hossein Baghernezad
  • 3,616
  • 27
  • 28
1
2 3
17 18