I have a prepared statement to store in my db some data coming from an API:
$sql = "INSERT INTO `standings` (`league_id`, `season`, `position`, `team_id`, `played`, `playedathome`, `playedaway`, `won`, `draw`, `lost`, `numberofshots`, `yellowcards`, `redcards`, `goals_for`, `goals_against`, `points`)
VALUES (:league_id, :season, :position, :team_id, :played, :playedathome, :playedaway, :won, :draw, :lost, :numberofshots, :yellowcards, :redcards, :goals_for, :goals_against, :points)
ON DUPLICATE KEY UPDATE `league_id`=:league_id, `season`=:season, `position`=:position, `team_id`=:team_id, `played`=:played, `playedathome`=:playedathome, `playedaway`=:playedaway, `won`=:won, `draw`=:draw, `lost`=:lost, `numberofshots`=:numberofshots, `yellowcards`=:yellowcards, `redcards`=:redcards, `goals_for`=:goals_for, `goals_against`=:goals_against, `points`=:points";
$prep = $pdo->prepare($sql);
$prep->bindParam(':league_id', $league_id);
$prep->bindParam(':season', $season);
$prep->bindParam(':position', $position);
$prep->bindParam(':team_id', $team_id);
$prep->bindParam(':played', $played);
$prep->bindParam(':playedathome', $playedathome);
$prep->bindParam(':playedaway', $playedaway);
$prep->bindParam(':won', $won);
$prep->bindParam(':draw', $draw);
$prep->bindParam(':lost', $lost);
$prep->bindParam(':numberofshots', $numberofshots);
$prep->bindParam(':yellowcards', $yellowcards);
$prep->bindParam(':redcards', $redcards);
$prep->bindParam(':goals_for', $goals_for);
$prep->bindParam(':goals_against', $goals_against);
$prep->bindParam(':points', $points);
foreach($result->TeamLeagueStanding as $standing){
$team_id = $standing->Team_Id;
$played = $standing->Played;
$playedathome = $standing->PlayedAtHome;
$playedaway = $standing->PlayedAway;
$won = $standing->Won;
$draw = $standing->Draw;
$lost = $standing->Lost;
$numberofshots = $standing->NumberOfShots;
[etc...]
$prep->execute() or print("PDO execute error: ".$prep->errorInfo()[2]);
The problem is that some leagues don't provide the NumberOfShots value, so $standing->NumberOfShots is an empty string, causing the error:
PDO execute error: Incorrect integer value: '' for column 'numberofshots' at row 1
And that row doesn't get inserted.
How can I make something like
if($numberofshot == "")
$numberofshot = NULL;
or tell PDO to use the default value instead of throwing an error, if the value is incorrect?
http://php.net/manual/en/pdo.setattribute.php
try:
setAttribute(PDO::ATTR_ORACLE_NULLS, PDO::NULL_EMPTY_STRING);
If this parameter needs an integer value then you should cast it to integer
like using intval() function.
$numberofshots = intval($standing->NumberOfShots);
If some string comes in $standing->NumberOfShots it will convert it into number that is 0
Related
I'm using this code and I'm beyond frustration:
try {
$dbh = new PDO('mysql:dbname=' . DB . ';host=' . HOST, USER, PASS);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->setAttribute(PDO::MYSQL_ATTR_INIT_COMMAND, "SET NAMES 'utf8'");
}
catch(PDOException $e)
{
...
}
$stmt = $dbh->prepare('INSERT INTO table(v1, v2, ...) VALUES(:v1, :v2, ...)');
$stmt->bindParam(':v1', PDO::PARAM_NULL); // --> Here's the problem
PDO::PARAM_NULL, null, '', all of them fail and throw this error:
Fatal error: Cannot pass parameter 2 by reference in /opt/...
You need to use bindValue, not bindParam
bindParam takes a variable by reference, and doesn't pull in a value at the time of calling bindParam. I found this in a comment on the PHP docs:
bindValue(':param', null, PDO::PARAM_INT);
P.S. You may be tempted to do this bindValue(':param', null, PDO::PARAM_NULL); but it did not work for everybody (thank you Will Shaver for reporting.)
When using bindParam() you must pass in a variable, not a constant. So before that line you need to create a variable and set it to null
$myNull = null;
$stmt->bindParam(':v1', $myNull, PDO::PARAM_NULL);
You would get the same error message if you tried:
$stmt->bindParam(':v1', 5, PDO::PARAM_NULL);
When using INTEGER columns (that can be NULL) in MySQL, PDO has some (to me) unexpected behaviour.
If you use $stmt->execute(Array), you have to specify the literal NULL and cannot give NULL by variable reference.
So this won't work:
// $val is sometimes null, but sometimes an integer
$stmt->execute(array(
':param' => $val
));
// will cause the error 'incorrect integer value' when $val == null
But this will work:
// $val again is sometimes null, but sometimes an integer
$stmt->execute(array(
':param' => isset($val) ? $val : null
));
// no errors, inserts NULL when $val == null, inserts the integer otherwise
Tried this on MySQL 5.5.15 with PHP 5.4.1
For those who still have problems (Cannot pass parameter 2 by reference), define a variable with null value, not just pass null to PDO:
bindValue(':param', $n = null, PDO::PARAM_INT);
Hope this helps.
I had the same problem and I found this solution working with bindParam :
bindParam(':param', $myvar = NULL, PDO::PARAM_INT);
If you want to insert NULL only when the value is empty or '', but insert the value when it is available.
A) Receives the form data using POST method, and calls function insert with those values.
insert( $_POST['productId'], // Will be set to NULL if empty
$_POST['productName'] ); // Will be to NULL if empty
B) Evaluates if a field was not filled up by the user, and inserts NULL if that's the case.
public function insert( $productId, $productName )
{
$sql = "INSERT INTO products ( productId, productName )
VALUES ( :productId, :productName )";
//IMPORTANT: Repace $db with your PDO instance
$query = $db->prepare($sql);
//Works with INT, FLOAT, ETC.
$query->bindValue(':productId', !empty($productId) ? $productId : NULL, PDO::PARAM_INT);
//Works with strings.
$query->bindValue(':productName',!empty($productName) ? $productName : NULL, PDO::PARAM_STR);
$query->execute();
}
For instance, if the user doesn't input anything on the productName field of the form, then $productName will be SET but EMPTY. So, you need check if it is empty(), and if it is, then insert NULL.
Tested on PHP 5.5.17
Good luck,
Several answers have given examples of what you should do. But they haven't really explained why you should do one of those things.
The bindParam method is meant to be used with something like a loop (or just repeated statements). It binds a variable reference. So something like
$stmt = $dbh->prepare('INSERT INTO t1 (v1) VALUES(:v1)');
$stmt->bindParam(':v1', $i, PDO::PARAM_INT);
for ($i = 0; $i < 10; $i++) {
$stmt->execute();
}
Would insert values 0 through 9 in a table.
That's obviously a very simple example that could be implemented in other, more efficient ways. You could have more complex logic here. But the basic idea is that you bind a reference to a variable and then you can change the value of the variable.
You can get around the need for a reference by creating a variable before calling bindParam. But in your case, you don't particularly want to bind to a variable reference. You just want to bind a value. So go ahead and do exactly that with bindValue.
You can mostly just use bindValue. But to show why both methods exist, let's rewrite the previous example to use bindValue instead of bindParam:
$stmt = $dbh->prepare('INSERT INTO t1 (v1) VALUES(:v1)');
for ($i = 0; $i < 10; $i++) {
$stmt->bindValue(':v1', $i, PDO::PARAM_INT);
$stmt->execute();
}
This will work, but you have to call bindValue on every iteration of the loop whereas you only needed to call bindParam once. But you aren't doing anything like that, so you can just
$stmt->bindValue(':v1', null, PDO::PARAM_INT);
And everything will work, as stated in the accepted answer. Because you want to bind a value, not a variable reference.
Based on the other answers but with a little more clarity on how to actually use this solution.
If for example you have an empty string for a time value but you want to save it as a null:
if($endtime == ""){
$db->bind(":endtime",$endtime=NULL,PDO::PARAM_STR);
}else{
$db->bind("endtime",$endtime);
}
Notice that for time values you would use PARAM_STR, as times are stored as strings.
So you just need to add an extra If statement that properly changes your variable to NULL before you call bindParam(). Here is an example that I figured out for my situation (I was stuck on this for days trying to INSERT a new DB record with a NULL value for one column):
if ($this->companyid == 'NULL' || $this->companyid == NULL) {
$this->companyid = NULL;
$this->companyname = NULL;
$stmt->bindParam(':companyid', $this->companyid);
$stmt->bindParam(':companyname', $this->companyname);
} else {
$stmt->bindParam(':companyid', $this->companyid);
$stmt->bindParam(':companyname', $this->companyname);
}
Try This.
$stmt->bindValue(':v1', null, PDO::PARAM_NULL); // --> insert null
In my case I am using:
SQLite,
prepared statements with placeholders to handle unknown number of fields,
AJAX request sent by user where everything is a string and there is no such thing like NULL value and
I desperately need to insert NULLs as that does not violates foreign key constrains (acceptable value).
Suppose, now user sends with post: $_POST[field1] with value value1 which can be the empty string "" or "null" or "NULL".
First I make the statement:
$stmt = $this->dbh->prepare("INSERT INTO $table ({$sColumns}) VALUES ({$sValues})");
where {$sColumns} is sth like field1, field2, ... and {$sValues} are my placeholders ?, ?, ....
Then, I collect my $_POST data related with the column names in an array $values and replace with NULLs:
for($i = 0; $i < \count($values); $i++)
if((\strtolower($values[$i]) == 'null') || ($values[$i] == ''))
$values[$i] = null;
Now, I can execute:
$stmt->execute($values);
and among other bypass foreign key constrains.
If on the other hand, an empty string does makes more sense then you have to check if that field is part of a foreign key or not (more complicated).
In the below code, I am attempting to take three form variables ($nps,$sch,$joint) and an id ($weld_id) and insert them into an UPDATE query. The problem is that I get $stmt->error "No data supplied for parameters in prepared statement."
When I cast the id of the row as "i". The weird thing is that the statement will execute error free if I put single quotes around the last question mark and cast as 's', however, the actual database row will not update. The function on row 3 does NOT use prepared statements to select the current values for this row in the database.
I have var_dumped all variables, copied them and successfuly run the query on MySQL workbench. I am out of ideas, please help.
$weld = mysqli_real_escape_string($db,$_POST['id']);
$weld = single_weld_query($db,$weld);
if(isset($_POST['edit_weld_parameters'])){
// Query to update 3 parameters on database entry where id = N
$stmt = $db->prepare("UPDATE `welds` SET `size` = '?' , `sch` = '?' , `joint` = '?' WHERE `id` = ?;");
$stmt->bind_param("sssi", $nps, $sch, $joint, $weld_id);
$nps = isset($_POST['size'])? mysqli_real_escape_string($db,$_POST['size']): $weld['size'];
$sch = isset($_POST['sch'])? mysqli_real_escape_string($db,$_POST['sch']): $weld['sch'];
$joint = isset($_POST['joint'])? mysqli_real_escape_string($db,$_POST['joint']): $weld['joint'];
$nps = (strlen($nps) and in_array($nps,$pipe_obj->sizes))? $nps: $weld['size'];
$sch = (strlen($sch) and in_array($sch,$pipe_obj->schedules))? $sch: $weld['sch'];
$joint = (strlen($joint) and in_array(strtoupper($joint),$pipe_obj->joint_types))? $joint: $weld['joint'];
$weld_id = $weld['id'];
if($stmt->execute()){
echo $weld['weld_number'].' parameters edited.';
}else{
echo $stmt->error;
}
}else{
echo 'ERROR: Form failure.';
}
You're using prepared statements with placeholder values, which is great, but you're also escaping things, which is bad. That ends up double-escaping them. Leave the escaping up to the driver, use placeholder values, and you'll be fine:
if (isset($_POST['edit_weld_parameters'])) {
// Query to update 3 parameters on database entry where id = N
$stmt = $db->prepare("UPDATE `welds` SET `size` = ? , `sch` = ? , `joint` = ? WHERE `id` = ?;");
$stmt->bind_param("sssi",
isset($_POST['size']) ? $_POST['size'] : $weld['size'],
isset($_POST['sch']) ? $_POST['sch'] : $weld['sch'],
isset($_POST['joint'])? $db,$_POST['joint'] : $weld['joint'],
$weld['id']
);
if ($stmt->execute()) {
echo $weld['weld_number'].' parameters edited.';
}
else {
echo $stmt->error;
}
}
else {
echo 'ERROR: Form failure.';
}
There's other code you'll need to wrangle in there, you're doing some very odd things to validate those after the fact, but try and stick with this general pattern.
Let the driver do the work. Do not put '?' in your query. Do not inline strings with interpolation. Don't escape anything that's already a placeholder value. Do try and keep your logic clean and obvious.
I have multiple if and elseif-statements like this:
if ($str == "CARS") {
$first = $db->prepare('INSERT INTO table_CAR (id_CAR, anything) VALUES (:id_CAR, :anything) ON DUPLICATE KEY UPDATE id_CAR = LAST_INSERT_ID(id_CAR)');
$first->bindParam(':id_CAR', $null = null, PDO::PARAM_NULL);
$first->bindParam(':anything', $anything, PDO::PARAM_STR);
$first->execute();
}
else if ($str == "PLANES") {
$first = $db->prepare('INSERT INTO table_PLANES (id_PLANES, anything) VALUES (:id_PLANES, :anything) ON DUPLICATE KEY UPDATE id_PLANES = LAST_INSERT_ID(id_PLANES)');
$first->bindParam(':id_PLANES', $null = null, PDO::PARAM_NULL);
$first->bindParam(':anything', $anything, PDO::PARAM_STR);
$first->execute();
}
Now I would like to make a function of that, because there is also done the same thing. The only difference are the names. But how can I put these words (CAR and PLANES) into variables? My problems are, that these words are part of queries and parameters and they aren't always the same (CARS != CAR).
You can always construct the sql query in a variable first:
function insert($table, $anything) {
// check $table using a whitelist to prevent SQL injections!
$sql = 'INSERT INTO table_' . $table . ' (anything) VALUES (:anything)';
$first->bindParam(':anything', $anything, PDO::PARAM_STR);
$first->execute();
}
As you can see, I cleaned up your query a bit. There's no need to insert a NULL value for AUTO_INCREMENT fields as MySQL will insert the correct value for you.
I have this array
$REV = Array
(
0 => 240,
1 => 241,
2 => 242,
3 => 243,
4 => 249
);
and i'm using this code bellow to insert for now, stored each array's element in a row with $id, $userID, Type and Date
if (!empty($REV)) {
foreach ($REV as $val_rev) {
$values_rev[] = "('" . $ID . "','REV','" . $val_rev . "','" . $IDUSER . "',GETDATE())";
}
$values_rev_insert = implode(',', $values_rev);
$query_rev = "insert into dbo.CCLine (ID,CCType,CSID,IdUSer,DateCreated)values" . $values_rev_insert;
mssql_query($query_rev);
}
But what i want is can use this stored procedure but i dont have idea how to make to insert in one time using the sp:
$stmt = mssql_init('sp_insertRev');
mssql_bind($stmt, '#ID', $ID, SQLINT4);
mssql_bind($stmt, '#CCType', 'REV', SQLVARCHAR);
The array does not work here
mssql_bind($stmt, '#CSID', $val_rev, SQLINT4);//An example
mssql_bind($stmt, '#IdUSer', $IDUSER, SQLCHAR);
$result = mssql_execute($stmt);
How can i use this SP with the array
CREATE PROCEDURE [dbo].[sp_HCCInsert]
#ID int
,#CCType varchar(10)
,#CSID varchar(10)
,#IdUSer char(15)
AS
BEGIN
SET NOCOUNT ON;
DECLARE #CCID as INT
INSERT INTO [dbo].[CCLine]
([ID]
,[CCType]
,[CSID]
,[IdUSer]
,[DateCreated])
VALUES
(#ID
,#CCType
,#CSID
,#IdUSer
,GETDATE())
SET #CCID = ##IDENTITY
Select #CCID as CCID
END
I've found solution to your problem in this post
It's all about passing the array as XML string which is passed to the procedure and in procedure it is used in INSERT SELECT statement with OPENXML function.
CREATE PROCEDURE [dbo].[sp_HCCInsert]
(
#XMLDoc XML
)
Then use function OPENXML in MSSQL. You should read this topic.
So pseudo code will look like
INSERT ... SELECT OPENXML(#XML...)
After you read it and fit to your needs just pass XML to procedure.
Some useful links about OPENXML
http://msdn.microsoft.com/pl-pl/library/ms175160.aspx
Using OPENXML in SQL Server 2008 stored proc - INSERT order differs from XML document
http://www.informit.com/articles/article.aspx?p=26499
Moreover, I'd suggest using PDO because it has better abstract layer. I hope that it helped you.
I tend to use PDO instead of the mssql_* functions, you can still use dblib and you can bind that array quite simply. One thing though, you have 5 elements in that array but only 4 input variables to your stored procedure. This example will assume you only have 4 elements in your array.
$sql = "EXEC sp_HCCInsert ?, ?, ?, ?"; // SQL string with ? where params should go
$pdh = new PDO("dblib:host=somthing.somewhere\\INSTANCENAME;port=1433;dbname=MyDatabase;","username","password");
$sth = $pdh->prepare($sql); // Prepare query
$sth->execute($REV); // Execute and bind non-associative array
The only caution with using the PDO with dblib on PHP 5.3 or before, it goes and does a prefetch on execute. So if you execute a huge query and you want to loop through each record one at a time... sorry, you get the whole thing buffered first.
Also, you can use an associative array if you'd like
$REV = array(":ID" => 240, ":CCType" => 241, ":CSID" => 242, ":IdUSer" => 243);
$sql = "EXEC sp_HCCInsert :ID, :CCType, :CSID, :IdUSer"; // SQL string with named params
$pdh = new PDO("dblib:host=somthing.somewhere\\INSTANCENAME;port=1433;dbname=MyDatabase;","username","password");
$sth = $pdh->prepare($sql); // Prepare query
$sth->execute($REV); // Execute and bind associative array
The best part is, the execute method for the PDO::Statement escapes strings! Safety first you know.
$sql = "INSERT INTO table column(c1,c2)
VALUES('d1','d2'),('dd1','dd2'),('ddd1','ddd2')";// this is the basic sql command
$data = array('data1','data2','data3');
$data = '('.implode(', ',$data).')';
$sql = "INSERT INTO table column(c1,c2) VALUES $data";
$data = array(array('1','2','3'),array('4','5','6'),array('7','8','9'));
$xa = array();
$a = 0;
foreach($data as $dt)
{
$xa[$a] = '('.implode(',',$dt).')';
++$a;
}
$data = '('.implode(',',$xa).')';
$sql = "INSERT INTO table column(c1,c2) VALUES $data";
I'm using this code and I'm beyond frustration:
try {
$dbh = new PDO('mysql:dbname=' . DB . ';host=' . HOST, USER, PASS);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->setAttribute(PDO::MYSQL_ATTR_INIT_COMMAND, "SET NAMES 'utf8'");
}
catch(PDOException $e)
{
...
}
$stmt = $dbh->prepare('INSERT INTO table(v1, v2, ...) VALUES(:v1, :v2, ...)');
$stmt->bindParam(':v1', PDO::PARAM_NULL); // --> Here's the problem
PDO::PARAM_NULL, null, '', all of them fail and throw this error:
Fatal error: Cannot pass parameter 2 by reference in /opt/...
You need to use bindValue, not bindParam
bindParam takes a variable by reference, and doesn't pull in a value at the time of calling bindParam. I found this in a comment on the PHP docs:
bindValue(':param', null, PDO::PARAM_INT);
P.S. You may be tempted to do this bindValue(':param', null, PDO::PARAM_NULL); but it did not work for everybody (thank you Will Shaver for reporting.)
When using bindParam() you must pass in a variable, not a constant. So before that line you need to create a variable and set it to null
$myNull = null;
$stmt->bindParam(':v1', $myNull, PDO::PARAM_NULL);
You would get the same error message if you tried:
$stmt->bindParam(':v1', 5, PDO::PARAM_NULL);
When using INTEGER columns (that can be NULL) in MySQL, PDO has some (to me) unexpected behaviour.
If you use $stmt->execute(Array), you have to specify the literal NULL and cannot give NULL by variable reference.
So this won't work:
// $val is sometimes null, but sometimes an integer
$stmt->execute(array(
':param' => $val
));
// will cause the error 'incorrect integer value' when $val == null
But this will work:
// $val again is sometimes null, but sometimes an integer
$stmt->execute(array(
':param' => isset($val) ? $val : null
));
// no errors, inserts NULL when $val == null, inserts the integer otherwise
Tried this on MySQL 5.5.15 with PHP 5.4.1
For those who still have problems (Cannot pass parameter 2 by reference), define a variable with null value, not just pass null to PDO:
bindValue(':param', $n = null, PDO::PARAM_INT);
Hope this helps.
I had the same problem and I found this solution working with bindParam :
bindParam(':param', $myvar = NULL, PDO::PARAM_INT);
If you want to insert NULL only when the value is empty or '', but insert the value when it is available.
A) Receives the form data using POST method, and calls function insert with those values.
insert( $_POST['productId'], // Will be set to NULL if empty
$_POST['productName'] ); // Will be to NULL if empty
B) Evaluates if a field was not filled up by the user, and inserts NULL if that's the case.
public function insert( $productId, $productName )
{
$sql = "INSERT INTO products ( productId, productName )
VALUES ( :productId, :productName )";
//IMPORTANT: Repace $db with your PDO instance
$query = $db->prepare($sql);
//Works with INT, FLOAT, ETC.
$query->bindValue(':productId', !empty($productId) ? $productId : NULL, PDO::PARAM_INT);
//Works with strings.
$query->bindValue(':productName',!empty($productName) ? $productName : NULL, PDO::PARAM_STR);
$query->execute();
}
For instance, if the user doesn't input anything on the productName field of the form, then $productName will be SET but EMPTY. So, you need check if it is empty(), and if it is, then insert NULL.
Tested on PHP 5.5.17
Good luck,
Several answers have given examples of what you should do. But they haven't really explained why you should do one of those things.
The bindParam method is meant to be used with something like a loop (or just repeated statements). It binds a variable reference. So something like
$stmt = $dbh->prepare('INSERT INTO t1 (v1) VALUES(:v1)');
$stmt->bindParam(':v1', $i, PDO::PARAM_INT);
for ($i = 0; $i < 10; $i++) {
$stmt->execute();
}
Would insert values 0 through 9 in a table.
That's obviously a very simple example that could be implemented in other, more efficient ways. You could have more complex logic here. But the basic idea is that you bind a reference to a variable and then you can change the value of the variable.
You can get around the need for a reference by creating a variable before calling bindParam. But in your case, you don't particularly want to bind to a variable reference. You just want to bind a value. So go ahead and do exactly that with bindValue.
You can mostly just use bindValue. But to show why both methods exist, let's rewrite the previous example to use bindValue instead of bindParam:
$stmt = $dbh->prepare('INSERT INTO t1 (v1) VALUES(:v1)');
for ($i = 0; $i < 10; $i++) {
$stmt->bindValue(':v1', $i, PDO::PARAM_INT);
$stmt->execute();
}
This will work, but you have to call bindValue on every iteration of the loop whereas you only needed to call bindParam once. But you aren't doing anything like that, so you can just
$stmt->bindValue(':v1', null, PDO::PARAM_INT);
And everything will work, as stated in the accepted answer. Because you want to bind a value, not a variable reference.
Based on the other answers but with a little more clarity on how to actually use this solution.
If for example you have an empty string for a time value but you want to save it as a null:
if($endtime == ""){
$db->bind(":endtime",$endtime=NULL,PDO::PARAM_STR);
}else{
$db->bind("endtime",$endtime);
}
Notice that for time values you would use PARAM_STR, as times are stored as strings.
So you just need to add an extra If statement that properly changes your variable to NULL before you call bindParam(). Here is an example that I figured out for my situation (I was stuck on this for days trying to INSERT a new DB record with a NULL value for one column):
if ($this->companyid == 'NULL' || $this->companyid == NULL) {
$this->companyid = NULL;
$this->companyname = NULL;
$stmt->bindParam(':companyid', $this->companyid);
$stmt->bindParam(':companyname', $this->companyname);
} else {
$stmt->bindParam(':companyid', $this->companyid);
$stmt->bindParam(':companyname', $this->companyname);
}
Try This.
$stmt->bindValue(':v1', null, PDO::PARAM_NULL); // --> insert null
In my case I am using:
SQLite,
prepared statements with placeholders to handle unknown number of fields,
AJAX request sent by user where everything is a string and there is no such thing like NULL value and
I desperately need to insert NULLs as that does not violates foreign key constrains (acceptable value).
Suppose, now user sends with post: $_POST[field1] with value value1 which can be the empty string "" or "null" or "NULL".
First I make the statement:
$stmt = $this->dbh->prepare("INSERT INTO $table ({$sColumns}) VALUES ({$sValues})");
where {$sColumns} is sth like field1, field2, ... and {$sValues} are my placeholders ?, ?, ....
Then, I collect my $_POST data related with the column names in an array $values and replace with NULLs:
for($i = 0; $i < \count($values); $i++)
if((\strtolower($values[$i]) == 'null') || ($values[$i] == ''))
$values[$i] = null;
Now, I can execute:
$stmt->execute($values);
and among other bypass foreign key constrains.
If on the other hand, an empty string does makes more sense then you have to check if that field is part of a foreign key or not (more complicated).