Write For Us
php
pdo
bind

Binding multiple values in pdo

Viewed   316 times

Is there's an easy way of binding multiple values in PDO without repitition ? Take a look at the following code :

$result_set = $pdo->prepare("INSERT INTO `users` (`username`, `password`, `first_name`, `last_name`) VALUES (:username, :password, :first_name, :last_name)");

$result_set->bindValue(':username', '~user');
$result_set->bindValue(':password', '~pass');
$result_set->bindValue(':first_name', '~John');
$result_set->bindValue(':last_name', '~Doe');

$result_set->execute();

Here, I binded values in a repepeated way which is 4 times. So is there's an easy way of binding multiple values in PDO ?

 Answers

3

You can always bind values within the arguments of execute() as long as you're fine with the values being treated as PDO::PARAM_STR (string).

$result_set = $pdo->prepare("INSERT INTO `users` (`username`, `password`, `first_name`, `last_name`) VALUES (:username, :password, :first_name, :last_name)");
$result_set->execute(array(
    ':username' => '~user',
    ':password' => '~pass',
    ':first_name' => '~John',
    ':last_name' => '~Doe'
));

You can use the array passed just like any array:

$user = "Nile";
$pdo->execute(array(":user" => $user));
Tuesday, November 15, 2022
 
qwertylpc-d555efe705be
 
qwertylpc-d555efe705be
1

You can build the "IN (...)" string dynamically:

$in_string = '(';
foreach ( $array_of_parameters as $parameter ) {
    $in_string .= ':' . chr($i + 97) . ','; // Get the ASCII character
}
$in_string = substr($in_string, 0, -1) . ')';

$statement = $db->prepare("SELECT blah FROM blah_table WHERE blahID IN ($in_string)");
Sunday, October 23, 2022
 
kentzo
 
kentzo
2

Since you are not passing the value in the execute method, it will not be automatically escaped for you. The following would be escaped for you:

$sql = "INSERT INTO sessions (id, name) VALUES (1, ?)";
$query = $this->connection->prepare($sql);
$query->execute(array("O'brian"));
Monday, October 17, 2022
 
jesse_sherlock
 
jesse_sherlock
2

Is it possible to bind a table name?

No.

You have to whitelist table names. I doubt you want to let a user to browse any table from your database.

And you have to format identifiers manually as well. There is a tag wiki with example. Why not read it first?

Update: As you can see, PDO turns out to be inconvenient for real life tasks. So, you have to have a more intelligent abstraction library to handle MySQL queries. Here is an example using the safeMysql class, which will make your code dramatically shorter:

class form{
    public function __construct($table){
        global $db;
        return $db->getAll("DESCRIBE ?n", $table);
    }
}

2 notes:

  • I've removed the second parameter as there is no code in your function that uses it.
  • NEVER connect in the class. Use an already opened connection instead. Or you will kill your MySQL server with so many connects.

Exclude implemented version

class form {
    public function __construct($table,$skip = array("id")){
        global $db;
        $data = array();
        $res = $db->query("DESCRIBE ?n", $table);
        while($row = $db->fetch($res)) {
            if (!in_array($row['Field'],$skip)) {
                $data[] = $row;
            }
        }
        return $data;
    }
}

However, such class seldom can be used as intended - there are always a lot of exceptions and manual formatting to make it usable.

Wednesday, September 28, 2022
 
andersonbd1
 
andersonbd1
3

I don't think ctypes allows one to translate std::pair to a python tuple without much boilerplate code. Especially since std::pair is a feature of the c++11 standard, and ctypes only works with c-style functions [citation / verification needed].

I suggest would using output parameters, the c way to return multiple values. The idea is simple, the c-function returns it's values by pointer, example.c:

void divide_modulo(int a, int b, int *div, int *rest)
{
    *div  = a / b;
    *rest = a % b;
}

Then compile it to a shared library:

gcc -o libexample.so -shared example.c

The libexample.so now allows you to write to python integers via a pointer in c which are passes as parameters like this:

import ctypes
lib = ctypes.cdll.LoadLibrary('./libexample.so')

def divide_modulo(a, b):
  div = ctypes.c_int(0)
  rest = ctypes.c_int(0)
  lib.divide_modulo(a, b, ctypes.byref(div), ctypes.byref(rest))
  return (div.value, rest.value)

print(divide_modulo(11, 4))

The ctypes.byref wrapper when calling lib.divide_modulo with div and rest converts an int to a pointer to an int.

Sunday, October 30, 2022
 
florian_neumann
 
florian_neumann
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :
php
pdo
bind
 
Share
Related Answers
91
 What is the best way to bind decimal / double / float values with PDO in PHP?
163
 Sending empty values with PDO results in error
133
 Inserting multiple values into multiple columns from an array of data using a PDO prepared statement for MySQL
100
 Same array multiple times in MySQL “IN” query with PDO
60
 Assigning the same parameter value multiple times in pdo execute
69
 PDO and binding multiple value sets during insert - recently
177
 PHP Select List - Insert multiple values in database
266
 Multiple Databases using PDO
42
 Escapeing values in PDO statements
93
 Return multiple values in JavaScript?
Top Answers Related To

php,pdo,bind

70
 Do PHP PDO prepared statements need to be escaped?
76
 PHP PDO bindParam was falling in a foreach
88
 PDO bind unknown number of parameters?
73
 PHP - PDO return escaping slash, how to remove it?
99
 PHP PDO simple insert or update function
179
 PHP/PDO MariaDB Galera Cluster
55
 PHP PDO + Prepare Statement
72
 PHP - PDO fetch loop
76
 How to use column names in PHP PDO without binding columns
89
 PHP, PDO, and Exceptions
Write For Us · Blog · Privacy · Faqs · Terms of Use · Contact us ·