SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Member
    Join Date
    Sep 2012
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Difficulty with select in prepared sttatments

    I wish to accomplish the following

    mysqli_stmt_bind_param($stmt, 'sis', $_POST['Site'], $_POST['MedRec'], $_POST['Sex']);

    This statemnt was hand coded. I wish to be able to generalize it.

    Therefore -

    $sql11 = "SELECT Site, MedRec, Fname, Lname, Phone, Height, Sex, Hx, Bday, Age FROM Intake3 where 1 ";

    $allowed_fields = array
    ( 'Site' =>$_POST['Site'], 'MedRec' => $_POST['MedRec'], 'Fname' => $_POST['Fname'], 'Lname' => $_POST['Lname'] ,
    'Phone' => $_POST['Phone'] , 'Height' => $_POST['Height'], 'Sex' => $_POST['Sex'], 'Hx' => $_POST['Hx'],
    'Bday' => $_POST['Bday'], 'Age' => $_POST['Age'] );

    $z0 ='$_POST';
    $z0 .="['Site']";

    $z1 ='$_POST';
    $z1 .="['MedRec']";

    $z2 ='$_POST';
    $z2 .="['Fname']";
    .
    .
    .

    $indeces = array(
    "0" => array
    (
    'tpe'=> 's',
    "val" => $z0
    ),
    "1" => array
    (
    "tpe" => "i",
    "val"=> $z1
    ),
    .

    .

    $binder = array(); //array to hold variables
    $typer = array(); //array to hold variable type
    $position = -1;
    foreach ( $allowed_fields as $key => $val )
    {
    $position = $position + 1;

    if ($val != '')
    {
    array_push($binder, $indeces[$position]['val']);
    array_push($binder, ", ");
    array_push($typer, $indeces[$position]['tpe']);
    $sql11 .= " AND ($key = ?) ";
    }

    }
    array_pop($binder);

    The above generates the following query:

    SELECT Site, MedRec, Fname, Lname, Phone, Height, Sex, Hx, Bday, Age FROM Intake3 where 1 AND (Site = ?) AND (MedRec = ?) AND (Sex = ?)



    //Construct the strings for the mysqli_stmt_bind_param statement

    $typ2 = implode($typer);
    $typ3 = "'";
    $typ3 .=$typ2;
    $typ3 .= "'";

    $bind3 = implode($binder);

    //This statement works perfectly. mysqli_stmt_bind_param($stmt, 'sis', $_POST['Site'], $_POST['MedRec'], $_POST['Sex']);

    //This one fails

    mysqli_stmt_bind_param($stmt, $typ3, $bind3);

    With the following error message:

    Warning: mysqli_stmt_bind_param(): Number of elements in type definition string doesn't match number of bind variables

    echo "<br />$typ3";'sis'

    echo "<br /> $bind3"; $_POST['Site'], $_POST['MedRec'], $_POST['Sex']



    Help and Advice, please

  2. #2
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,122
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Unfortunately, implode creates a string of comma separated values, which is not what bind_parm is expecting. To bind_parm, that looks like 1 parameter that has commas and other values within it.

    What you really want is to be able to pass an array to bind_param or execute which seems to only be available if you use PDO (at least from my quick searching) or you will need to just concatenate the query using mysqli_real_escape_string around your variables.


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •