PDOStatement->bindColumn()
Building on from previous comment by Sam Bou...
bindParam() can be used in a loop like this:
<?php
...
$stmt = $db->prepare("INSERT INTO users (email) VALUES (:email)");
$stmt->bindParam(':email', $val, PDO::PARAM_STR);
foreach($emails as $val) $stmt->execute();
?>
PDOStatement->bindParam()
(PHP 5 >= 5.1.0, PECL pdo:0.1-1.0.3)
PDOStatement->bindParam() — Binds a parameter to the specified variable name
Description
PDOStatement
bool bindParam
( mixed $parameter
, mixed &$variable
[, int $data_type
[, int $length
[, mixed $driver_options
]]] )
Binds a PHP variable to a corresponding named or question mark placeholder in the SQL statement that was use to prepare the statement. Unlike PDOStatement->bindValue(), the variable is bound as a reference and will only be evaluated at the time that PDOStatement->execute() is called.
Most parameters are input parameters, that is, parameters that are used in a read-only fashion to build up the query. Some drivers support the invocation of stored procedures that return data as output parameters, and some also as input/output parameters that both send in data and are updated to receive it.
Parameters
- parameter
-
Parameter identifier. For a prepared statement using named placeholders, this will be a parameter name of the form :name. For a prepared statement using question mark placeholders, this will be the 1-indexed position of the parameter.
- variable
-
Name of the PHP variable to bind to the SQL statement parameter.
- data_type
-
Explicit data type for the parameter using the PDO::PARAM_* constants. Defaults to PHP native type. To return an INOUT parameter from a stored procedure, use the bitwise OR operator to set the PDO::PARAM_INPUT_OUTPUT bits for the data_type parameter.
- length
-
Length of the data type. To indicate that a parameter is an OUT parameter from a stored procedure, you must explicitly set the length.
- driver_options
-
Return Values
Returns TRUE on success or FALSE on failure.
Examples
Example#1 Execute a prepared statement with named placeholders
<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < :calories AND colour = :colour');
$sth->bindParam(':calories', $calories, PDO::PARAM_INT);
$sth->bindParam(':colour', $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>
Example#2 Execute a prepared statement with question mark placeholders
<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < ? AND colour = ?');
$sth->bindParam(1, $calories, PDO::PARAM_INT);
$sth->bindParam(2, $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>
Example#3 Call a stored procedure with an INOUT parameter
<?php
/* Call a stored procedure with an INOUT parameter */
$colour = 'red';
$sth = $dbh->prepare('CALL puree_fruit(?)');
$sth->bindParam(1, $colour, PDO::PARAM_STR|PDO::PARAM_INPUT_OUTPUT, 12);
$sth->execute();
print("After pureeing fruit, the colour is: $colour");
?>
add a note
User Contributed NotesPDOStatement->bindParam()
phil[AT]papg[DOT]net
12-Mar-2008 02:04
12-Mar-2008 02:04
Sam Bou
01-Dec-2007 05:56
01-Dec-2007 05:56
If you're using bindParam in a loop such as this:
$counter=1;
foreach($email as $val){
$stmt->bindParam($counter, $val, PDO::PARAM_STR);
$counter++;
}
It will fail because $val is local and the variable is bound as a reference and will only be evaluated at the time that PDOStatement->execute() is called.
So use bindValue instead.
xzilla at users dot sourceforge dot net
13-Sep-2007 11:07
13-Sep-2007 11:07
currently this is not supported in the PostgreSQL driver either, though AIUI this is supported in the PostgreSQL C API, so it could be added.
jeffwa+php at gmail dot com
11-Jul-2007 04:49
11-Jul-2007 04:49
Took me forever to find this elsewhere in the notes in the manual, so I'd thought I'd put this tidbit here to help others in the future.
When using a LIKE search in MySQL along with a prepared statement, the *value* must have the appropriate parentheses attached before the bindParam() statement as such:
<?php
$dbc = $GLOBALS['dbc'];
$sql = "SELECT * FROM `tbl_name` WHERE tbl_col LIKE ?";
$stmt = $dbc->prepare($sql);
$value = "%{$value}%";
$stmt->bindParam($i, $value, PDO::PARAM_STR);
?>
Trying to use
<?php
$stmt->bindParam($i, "%{$value}%", PDO::PARAM_STR);
?>
will fail.
m dot van dot urk at comsi dot nl
02-Jul-2007 10:33
02-Jul-2007 10:33
You can't bind a table name in the query.
So the following code isn't working:
$a = 'klanten';
$sQuery = "SELECT COUNT(*) FROM ? WHERE email = 'info@site.uk' AND wachtwoord = 'welcome'";
$rResult2 = $login->db->prepare($sQuery);
$rResult2->bindValue(1, $a);
$rResult2->execute();
}
catch (PDOException $e) {
die( $e-getMessage());
}
if ($rResult2->fetchColumn() == 0) {
echo 'false';
} else {
echo 'true';
}
willie at spenlen dot com
14-Jun-2007 02:49
14-Jun-2007 02:49
If you're using the MySQL driver and have a stored procedure with an OUT or INOUT parameter, you can't (currently) use bindValue(). See http://bugs.php.net/bug.php?id=35935 for a workaround.