$qstringvals = array();
$paramlist = "";
for ($i = 0; $i < number_of_records; $i++) {
$qstringvals[] = "(?, ?, NOW())";
$paramlist .= "ii"
}
So lets say there were 3 records.
$qstringvals is now an array of size 3, each element containing the string “(?, ?, NOW())”
$paramlist is now “iiiiii” (If you wanted strings, put the s’s in there instead, whatever format it is.
$parameters must be an array of size 6 (all integers; what values they hold are not relevant)
$q3 = "INSERT INTO private_msg_recipient(member_id_to, message_id, created_on) VALUES ".implode(',',$qstringvals);
turns $q3 into “INSERT INTO private_msg_recipient(member_id_to, message_id, created_on) VALUES (?, ?, NOW()),(?, ?, NOW()),(?, ?, NOW())”
This then gets Prepared.
call_user_func_array('mysqli_stmt_bind_param', array_merge (array($stmt3, $paramlist), $parameters);
This then (so the example goes) takes your parameters, and binds them all into the statement because of how it smashes all the values together. It’s sort of a weakness of the mysqli function that makes this necessary (if the third parameter of bind_param could accept arrays [or in fact, have only 3 parameters - the third being a Mixed type], you wouldnt have an issue here.)
This is also why I prefer PDO, because you can simply loop the bindParam calls, making it much more readable.