So, I am passing arrays of values that will vary upon use into a method that then inserts them into a database. My problem is the way in which the parameters are bound.
public function insertValues($table, $cols, $values)
{
$mysqli = new mysqli(DBHOST, DBUSER, DBPASSWORD, DBDATABASE);
$colString = implode(', ', $cols); // x, x, x
$valString = implode(', ', array_fill(0, count($values), '?')); // ?, ?, ?
$sql = "INSERT INTO $table ($colString) VALUES($valString)";
if (!$stmt = $mysqli->prepare($sql))
echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
// THIS IS THE PROBLEM AREA
foreach ($values as $v)
if (!$stmt->bind_param('s', $v))
echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
if (!$stmt->execute())
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
$stmt->close();
$mysqli->close();
}
I need a way to bind all the parameters at once I think, and not one at a time, but I can't figure out a useful way to do this. Any help would be greatly appreciated.
I found the answer for the problem you are looking for on PHP.net (http://php.net/manual/en/mysqli-stmt.bind-param.php). I'm pasting it here for convenience, all credit goes to a man going by the email Nick9v ^ät^ hotmail -remove- -dot- com
When dealing with a dynamic number of field values while preparing a
statement I find this class useful.
[Editor's note: changed BindParam::add() to accept $value by reference
and thereby prevent a warning in newer versions of PHP.]
<?php
class BindParam{
private $values = array(), $types = '';
public function add( $type, &$value ){
$this->values[] = $value;
$this->types .= $type;
}
public function get(){
return array_merge(array($this->types), $this->values);
}
}
?>
Usage is pretty simple. Create an instance and use the add method to populate. When you're ready to execute simply use the get method.
<?php
$bindParam = new BindParam();
$qArray = array();
$use_part_1 = 1;
$use_part_2 = 1;
$use_part_3 = 1;
$query = 'SELECT * FROM users WHERE ';
if($use_part_1){
$qArray[] = 'hair_color = ?';
$bindParam->add('s', 'red');
}
if($use_part_2){
$qArray[] = 'age = ?';
$bindParam->add('i', 25);
}
if($use_part_3){
$qArray[] = 'balance = ?';
$bindParam->add('d', 50.00);
}
$query .= implode(' OR ', $qArray);
//call_user_func_array( array($stm, 'bind_param'), $bindParam->get());
echo $query . '<br/>';
var_dump($bindParam->get());
?>
This gets you the result that looks something like this:
SELECT * FROM users WHERE hair_color = ? OR age = ? OR balance = ?
array(4) { [0]=> string(3) "sid" 1=> string(3) "red" [2]=> int(25) [3]=> float(50) }
The code doesn't work because bind_param has to have all of the query parameters in a single call to the function instead of multiple calls for each parameter, also it needs variables passed by reference, so in the foreach call it would always be the same variable with the value that it had in the last iteration of the loop.
The easiest way would be to compose an array with the types and parameters, and then pass it to bind_param with a call to call_user_func_array, for example:
$params = array();
$types = '';
foreach ($values as $k => $v)
{
$types .= 's';
$params[] = &$values[$k];
}
$bind_params = array_merge(array($types), $params);
if (!call_user_func_array(array($stmt, 'bind_param'), $bind_params))
// ...
Note that bind_param expects variables to be passed by reference not by value, otherwise it would be a couple of lines constructing an array with values, instead of the foreach loop.
Related
I'm working with PHP PDO and I have the following problem:
Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in /var/www/site/classes/enterprise.php on line 63
Here is my code:
public function getCompaniesByCity(City $city, $options = null) {
$database = Connection::getConnection();
if(empty($options)) {
$statement = $database->prepare("SELECT * FROM `empresas` WHERE `empresas`.`cidades_codigo` = ?");
$statement->bindValue(1, $city->getId());
}
else {
$sql = "SELECT * FROM `empresas`
INNER JOIN `prods_empresas` ON `prods_empresas`.`empresas_codigo` = `empresas`.`codigo` WHERE ";
foreach($options as $option) {
$sql .= '`prods_empresas`.`produtos_codigo` = ? OR ';
}
$sql = substr($sql, 0, -4);
$sql .= ' AND `empresas`.`cidades_codigo` = ?';
$statement = $database->prepare($sql);
echo $sql;
foreach($options as $i => $option) {
$statement->bindValue($i + 1, $option->getId());
}
$statement->bindValue(count($options), $city->getId());
}
$statement->execute();
$objects = $statement->fetchAll(PDO::FETCH_OBJ);
$companies = array();
if(!empty($objects)) {
foreach($objects as $object) {
$data = array(
'id' => $object->codigo,
'name' => $object->nome,
'link' => $object->link,
'email' => $object->email,
'details' => $object->detalhes,
'logo' => $object->logo
);
$enterprise = new Enterprise($data);
array_push($companies, $enterprise);
}
return $companies;
}
}
It looks like you're trying to build a long(?) series of 'or' comparisons: if (x=1) or (x=2) or (x=3) etc.... You may find it easier to replace it with:
$cnt = count($options);
if ($cnt > 0) {
$placeholders = str_repeat(', ?', $cnt - 1);
$sql .= 'WHERE '`prods_empresas`.`produtos_codigo` IN (?' . $placeholders . ')';
}
which, if there were 5 options, would give you
WHERE prods_empresas.produtos_condigo IN (?, ?, ?, ?, ?)
And then do the values binding with:
$pos = 1;
foreach ($options as $option) {
$statement->bindValue($pos, $option->getId());
$pos++
}
You have a mismatch between the amount of bound parameters and the amount of binds in the SQL. Double check that the amount of ? and the amount of bound parameters is the same.
Additionally, HY093 will show up if you have tried to bind a parameter that does not exist:
$stmt = "INSERT INTO table VALUES (:some_value)";
$stmt->bindValue(':someValue', $someValue, PDO::PARAM_STR);
See that :some_value does not match :someValue! The fix is:
$stmt = "INSERT INTO table VALUES (:some_value)";
$stmt->bindValue(':some_value', $someValue, PDO::PARAM_STR);
Positional parameters in SQL start at 1. You're handling this by binding to position $i+1 in your $options loop.
But then you bind the last parameter for cidades_codigo to position count($options), which overwrites the last parameter set in the $options loop.
You need to bind the last parameter to position count($options)+1.
FWIW, you don't need to bindValue() at all. It's easier to just pass an array of parameters to execute(). Here's how I'd write this function:
public function getCompaniesByCity(City $city, $options = null) {
$database = Connection::getConnection();
$sql = "SELECT * FROM `empresas` WHERE `empresas`.`cidades_codigo` = ?"
$params = array();
$params[] = $city->getId();
if ($options) {
$sql .= " AND `prods_empresas`.`produtos_codigo` IN ("
. join(",", array_fill(1, count($options), "?") . ")";
foreach ((array)$options as $option) {
$params[] = $option->getId();
}
}
$statement = $database->prepare($sql);
echo $sql;
$statement->execute($params);
. . .
Also be sure to check the return value of prepare() and execute(), it will be false if there's an error, and you need to check for that and report the error. Or else enable PDO to throw exceptions on error.
I was running into this problem due to having extra entries in the named parameter mapping array passed to PDO::Statement->execute()
$args=array (":x" => 17 );
$pdo->prepare("insert into foo (x) values (:x)");
$pdo->execute($args); // success
$args[':irrelevant']=23;
$pdo->execute($args) // throws exception with HY093
Since you have made $i+1 in the loop so count($options) would equal the last $i+1 which makes a duplicate binding.Try
foreach($options as $i => $option)
{
$statement->bindValue($i + 1, $option->getId());
}
$statement->bindValue(count($options)+1, $city->getId());
I tried what I could to solve this error without any success.
I'm trying to dynamically build a select query with prepared statement :
I've got this code
$gm = $_GET['gm'];
$ct = $_GET['ct'];
$query = 'SELECT * FROM fchar';
$cond = array();
$params = array();
$type = array();
if (!empty($gm)) {
$cond[] = "gm = ?";
$params[] = $gm;
$type[] = "i";
}
if (!empty($ct)) {
$cond[] = "ct = ?";
$params[] = $ct;
$type[] = "s";
}
if (count($cond)) {
$query .= ' WHERE ' . implode(' AND ', $cond);
}
if (count($params)) {
$paramok = implode(', ', $params);
}
if (count($type)) {
$typeok = implode($type);
}
$stmt = $connection->prepare($query);
$stmt->bind_param(''.$typeok.'',$paramok);
$stmt->execute();
if (!$stmt->execute()) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
while ($stmt->fetch()) {
}
I've got this error :
Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables in C:\xampp\htdocs\cebusingles\search.php on line 42
But when I echo the types and params, I've got this :
echo "<br><br>Types : ".$typeok."<br>Param: ".$paramok."<br><br>Query: ".$query."<br><br>";
// gives :
// Types : is
// Param: 1, USA
// Query: SELECT * FROM fchar WHERE gm = ? AND ct = ?
So I have 2 types : is, and 2 param : 1, USA.
I don't understand why it says that the number of types is not matching the number of params.
$stmt->bind_param(''.$typeok.'',$paramok);
Is missing what type of variabled you're trying to insert on the ? places
$stmt->bind_param('ss', ''.$typeok.'', $paramok);
You can read here what characters should be used when using numbers, strings or such:
http://php.net/manual/en/mysqli-stmt.bind-param.php
types
A string that contains one or more characters which specify the types
for the corresponding bind variables:
This question already has answers here:
Build SELECT query with dynamic number of LIKE conditions as a mysqli prepared statement
(2 answers)
Closed 3 years ago.
I'm trying to make a function that receive a query (sql) and a parameter (array) but I receive this error:
PHP Warning: Parameter 2 to mysqli_stmt::bind_param() expected to be
a reference, value given
My code is:
function dbRead($query, $param) {
$mysqli = new mysqli(DB::READ_HOST, DB::READ_USER, DB::READ_PASS, DB::NAME);
// Check that connection was successful.
if ($mysqli->connect_error) {
$result = "Connection error";
} else {
// Check that $conn creation succeeded
if ($conn = $mysqli->prepare($query)) {
call_user_func_array(array($conn, 'bind_param'), $param);
$conn->execute();
$result = $conn->get_result();
$result = $result->fetch_array();
$conn->close();
} else {
$result = "Prepare failed";
}
}
$mysqli->close();
return $result;
}
$test = dbRead('SELECT * FROM user WHERE id=? and email=?', array(123,'example#example.com'))
And if my function code is
function dbRead($query, $param) {
$mysqli = new mysqli(DB::READ_HOST, DB::READ_USER, DB::READ_PASS, DB::NAME);
// Check that connection was successful.
if ($mysqli->connect_error) {
$result = "Connection error";
} else {
// Check that $conn creation succeeded
if ($conn = $mysqli->prepare($query)) {
$ref = array();
foreach ($param as $key => $value) {
$ref[$key] = &$param[$key];
}
call_user_func_array(array($conn, 'bind_param'), $ref);
$conn->execute();
$result = $conn->get_result();
$result = $result->fetch_array();
$conn->close();
} else {
$result = "Prepare failed";
}
}
$mysqli->close();
return $result;
}
I receive this error
PHP Warning: mysqli_stmt::bind_param(): Number of elements in type
definition string doesn't match number of bind variables
My PHP version is 5.4.36
I was trying to do something very similar and pieced together the solution from a few different posts on PHP References and bind_param. What's probably not immediately clear from the bind_param examples (or you forgot) is that the first argument is a string of the parameter types, one character per parameter (in your case, likely "is" for int and string), and you already got that the rest of the arguments must be references in your second function definition.
So, creating the arguments array should be something like this instead:
$ref = array("is");
foreach ($param as $value)
$ref[count($ref)] = &$value;
Though there are many ways to do it... and you should probably pass in the argument types along with the query, but MySQL seems to be relaxed when it comes to type exact types. I also prefer to pass the connection around, and support multiple result rows, e.g.:
function doRead($conn, $query, $argTypes, $args){
$success = false;
$execParams = array($argTypes);
foreach($args as $a)
$execParams[count($execParams)] = &$a;
if (!$stmt = $conn->prepare($query)){
echo "Prepare failed: (" . $conn->errno . ") " . $conn->error;
}else if (!call_user_func_array(array($stmt, "bind_param"), $execParams)){
echo "Param Bind failed, [" . implode(",", $args) . "]:" . $argTypes . " (" . $stmt->errno . ") " . $stmt->error;
} else if (!$stmt->execute()) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
} else
$success = true;
$ret = array();
if($success){
$res = $stmt->get_result();
while ($row = $res->fetch_array(MYSQLI_ASSOC))
array_push($ret, $row);
}
$stmt->close();
return $ret;
}
I've written a php function that allows you to update any entry in any table with any string values (one or multiple). PDO does not throw any errors, though the script does not seem to work! I've checked the name of the database, tables and fields multiple times. It's all correct. This is the only query in my functions that does not work. I believe it has something to do with the array im passing in to the SQL statement and the PDO->bindParam() function.
Code:
public function updateTableDetail($table, $id, $params) {
include($this->doc_root . 'config/config.php');
if (is_array($params)) {
foreach ($params as $param) {
$param = Utilities::escapeString($param);
}
} else {
throw new InvalidInputException(InputErrors::NOTANARRAY);
}
if (is_nan($id)) throw new InvalidInputException(InputErrors::NOTANUMBER);
$table = Utilities::escapeString($table);
$sql = "UPDATE " . $table . "
SET " . $config['table_field_updated'] . " = :updated";
while (current($params)) {
$sql .= "," . key($params) . " = :" . key($params);
next($params);
}
reset($params);
$sql .= " WHERE id = :id
AND " . $config['userId'] . " = :userId";
if ($this->serverConnector == null) {
$this->serverConnector = new ServerConnector();
}
if ($this->db == null) {
$this->db = $this->serverConnector->openConnectionOnUserDb($this->dbname);
}
$stmt = $this->db->prepare($sql);
$updated = date("Y-m-d H:i:s");
$stmt->bindParam(':updated',$updated);
$stmt->bindParam(':id',$id);
$stmt->bindParam(':userId',$this->userId);
while ($param = current($params)) {
$stmt->bindParam(":".key($params),$param);
next($params);
}
reset($params);
$stmt->execute();
}
EDIT: Don't worry about the include statement, the $config[]-array and the class-variables. It's all working aswell. Tested their values already.
Change this part:
while ($param = current($params)) {
$stmt->bindParam(":".key($params),$param);
next($params);
}
To:
foreach($params as $key => &value){
$stmt->bindParam(":$key",$value);
}
Because according to PHP Manual: PDOStatement::bindParam
Binds a PHP variable to a corresponding named or question mark
placeholder in the SQL statement that was use to prepare the
statement. Unlike PDOStatement::bindValue(), the variable is bound as
a reference and will only be evaluated at the time that
PDOStatement::execute() is called.
I'm new to mysqli, I wrote a function as below.
1 - I couldn't find a way for SELECT * query and having bind_result to assign each column value to the same name variable. (e.g. name column value of #row stores to $name)
I think bind_result() has no function on a SELECT * query?
2 - So I tried another option, to fetch all rows and assign them to appropriate variable manually through a loop. I think I should use $query->fetch_all() or $query->fetch_assoc() for looping but I encounter with this:
Fatal error: Call to undefined method mysqli_result::fetch_all()
or
Fatal error: Call to undefined method mysqli_result::fetch_assoc()
However I did a phpinfo() and saw mysqlnd was enabled and php version is 5.4.7 (running XAMPP v1.8.1)
And 3- what finally I did is below idea that doesn't work either.
function the_names($name)
{
global $db;
if($query = $db->prepare("SELECT * FROM users where name=?"))
{
$query->bind_param('s', $name);
if($query->execute())
{
$query->store_result();
if($query->num_rows > 1)
{
while($row = $query->fetch())
{
echo $row['name']; // Here is the problem
}
}
else
echo "not valid";
$query->close();
}
}
}
I need a way to store all fetched data as what bind_result() does, or having them in an array for later use, and it's much better to know both. tnx
One word to answer all your questions at once - PDO
It has everything you are trying to get from mysqli (in vain):
function the_names($name)
{
global $db;
$query = $db->prepare("SELECT * FROM users where name=?");
$query->execute(array($name));
return $query->fetchAll();
}
$names = the_names('Joe');
foreach ($names as $row) {
echo $row['name'];
}
Note the proper way of using a function. it should never echo anything, but only return the data for the future use
If your mysqli code doesn't have binding_param() you can just write code like below :
$mysqli = new mysqli("localhost" , "root" , "" , "database_name");
$result = $mysqli->query( "SELECT * FROM users where name=" . $name) ;
while ( $row = $result->fetch_assoc() ) {
echo $row["name"];
}
If you use binding_param() code , you also need to set bind_result()
$db = new mysqli("localhost" , "root" , "" , "database_name");
function the_names($name){
global $db;
/* Prepared statement, stage 1: prepare */
if (!($query = $db->prepare("SELECT * FROM users where name=?"))) { # prepare sql
echo "Prepare failed: (" . $db->errno . ") " . $db->error;
}
/* Prepared statement, stage 2: bind and execute */
if (!$query->bind_param("s", $name)) { # giving param to "?" in prepare sql
echo "Binding parameters failed: (" . $query->errno . ") " . $query->error;
}
if (!$query->execute()) {
echo "Execute failed: (" . $query->errno . ") " . $query->error;
}
$query->store_result(); # store result so we can count it below...
if( $query->num_rows > 0){ # if data more than 0 [ that also mean "if not empty" ]
# Declare the output field of database
$out_id = NULL;
$out_name = NULL;
$out_age = NULL;
if (!$query->bind_result($out_id, $out_name , $out_age)) {
/*
* Blind result should same with your database table !
* Example : my database
* -users
* id ( 11 int )
* name ( 255 string )
* age ( 11 int )
* then the blind_result() code is : bind_result($out_id, $out_name , $out_age)
*/
echo "Binding output parameters failed: (" . $query->errno . ") " . $query->error;
}
while ($query->fetch()) {
# print the out field
printf("id = %s <br /> name = %s <br /> age = %s <br />", $out_id, $out_name , $out_age);
}
}else{
echo "not valid";
}
}
the_names("panji asmara");
Reference :
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php