I need help with MySQLi prepared statements.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
gunnarflax
Forum Newbie
Posts: 1
Joined: Tue Mar 15, 2011 7:25 am

I need help with MySQLi prepared statements.

Post by gunnarflax »

Hi! I have rather recently started working with prepared MySQLi-statements in php. From what I've learned is it supposed to be much more effective and secure so I've tried to adapt it to my projects as much as possible. The thing that always annoyed me with this technique is that I cannot figure out how to use it in the way you could without prepared statements to easily print out database information. I'm talking about this method:

Code: Select all

$result = $mysqli->query("SELECT * FROM foo WHERE id='bar'");

while ($row = $mysqli->fetch_array($result)){
   echo "foo: ".$row['foo']."</br>";
   echo "bar: ".$row['bar'];
}
But now when I use prepared statements I'm forced to always have to set which variables are to be bound with the results from the query (mysqli_stmt::bind_result). What I want is to be able to dynamically bind the results to an array depending on how many results are found so that I can utilize a loop to print out several database posts. When searching for a solution to this I found this post on stackoverflow. I didn't fully understand how it works at first but I've studied it and tried to make sense out of it but only come so far. This is my implementation of this method:

Code: Select all

public function execute($unprp_stmt, $data){
            //Prepare the stmt, $this->con is the mysqli-object
            $stmt = $this->con->prepare($unprp_stmt);
            //Get dynamically built parameter string for the bind_param method. E.g. 'issis'
            $paramstr = $this->get_paramstr($data);

            // Dynamically build up the arguments for bind_param
            $params = array();
            $params[] = $stmt;
            $params[] = $paramstr;

            foreach($data as $k => $v){
                $params[] = &$data[$k];
            }

            // and then call bind_param with the proper arguments
            call_user_func_array('mysqli_stmt_bind_param', $params);
            $stmt->execute();

            //So far everything works as it should, it's the following part which I cannot understand how to make it work.
            //As you can see is it a direct implementation of the other user's post and I don't really understand how his
            //function is supposed to work.

            $meta_data = mysqli_stmt_result_metadata($stmt);
            //print_r($meta_data);
            $fields = array();
            $out = array();

            $fields[0] = $stmt;
            $count = 1;

            while($field = mysqli_fetch_field($meta_data)) {
                $fields[$count] = &$out[$field->name];
                $count++;
            }

            //print_r($fields);
            
            call_user_func_array('mysqli_stmt_bind_result', $fields);
            return $stmt;
}
I'm not a pro on PHP so please be as thorough as you can when answering :) Thank you very much for taking your time!
Post Reply