PDO bindParam confusion

**uprightdog** · Oct 11, 2007, 16:39

I am exploring PDO at the moment, and for the life of me I cannot see the point of such things as PDO::PARAM_INT within bindParam. Supposedly it is meant to raise an error, but I can bind whatever param I like, integer or not, and the query executes without blinking an eye.

An example that I copied verbatim can be found here: http://phpro.org/tutorials/Introduct...HP-PDO.html#10

The following PDO::PARAM_INT and PDO::PARAM_STR seem to have no effect whatsoever:
$stmt->bindParam(':animal_id', $animal_id, PDO::PARAM_INT);
$stmt->bindParam(':animal_name', $animal_name, PDO::PARAM_STR, 5);

What am I missing?

**Czaries** · Oct 11, 2007, 16:58

I am not 100% sure how it works, but it looks like it may just be casting the value to the specified type instead of raising an error. If that is the case, it would be identical to:

$stmt->bindParam(':animal_id', (int) $animal_id);

**logic_earth** · Oct 11, 2007, 18:06

It doesn't validate the value it cast it and puts it into the query fitting the field type setting in the table.

For example char fields in SQL need to be quoted but integers do not.
Prepared statements quotes values that need to be quoted and those that are not, etc.

It does not validate.

Code:

bool bindParam ( mixed $parameter, mixed &$variable [, int $data_type [, int $length [, mixed $driver_options]]] )

data_type
Explicit data type for the parameter using the PDO::PARAM_* constants. Defaults to PHP native type. To return an INOUT parameter from a stored procedure, use the bitwise OR operator to set the PDO::PARAM_INPUT_OUTPUT bits for the data_type parameter.

**Tanus** · Oct 11, 2007, 19:31

As far as I remember, it's for telling PDO how to do things such as escaping the value when building the final SQL statement.

**stoproductions** · Oct 12, 2007, 06:19

The answer i believe is in the query and database itself. I have not used PDO more than a few times, but if i recall correctly the usage i had for defining that third field was to bind a boolean 'false' parameter. Just giving it 'false' converted it into a string, and postgresql did not like having a string put into a boolean only field.

PHP Code:


$trueOrFalse = true;



//This code works

$stmt->bindParam(':boolean', $trueOrFalse, PDO::PARAM_BOOL);



//This code has the database saying nasty things about my mother

$stmt->bindParam(':boolean', $trueOrFalse);

So to answer your question you were not getting any errors because your datafield definitions are probably not very strict. Also, PARAM_* is not meant to check the type received, it is just meant to tell pdo that this is what it should go into the database as.

The best resource for pdo, it's parameters and gotcha's can be found at: http://us2.php.net/pdo.

Also, another thing to watch for is misuse of bindParam(). bindParam() is meant to be used only when your parameter will be changing throughout the course of the function you declared. bindValue() will bind a single value and has the same syntax as bindParam().

Hope this gives you a heads up on PDO. Read through the PHP documentation on pdo i provided via the link. You'll have it up and running in no time.

-Nick

User Tag List

Thread: PDO bindParam confusion

Thread Tools

Display

PDO bindParam confusion

PDO freedom!

Bookmarks

Bookmarks

Posting Permissions