Variable parameter/result binding with prepared statements
You've got to make sure that $array_of_params is array of links to variables, not values themselves. Should be:
$array_of_params[0] = &$param_string; //link to variable that stores types
And then...
$param_string .= "i";
$user_id_var = $_GET['user_id'];//
$array_of_params[] = &$user_id_var; //link to variable that stores value
Otherwise (if it is array of values) you'll get:
PHP Warning: Parameter 2 to mysqli_stmt::bind_param() expected to be a reference
One more example:
$bind_names[] = implode($types); //putting types of parameters in a string
for ($i = 0; $i < count($params); $i++)
{
$bind_name = 'bind'.$i; //generate a name for variable bind1, bind2, bind3...
$$bind_name = $params[$i]; //create a variable with this name and put value in it
$bind_names[] = & $$bind_name; //put a link to this variable in array
}
and BOOOOOM:
call_user_func_array( array ($stmt, 'bind_param'), $bind_names);
The more modern way to bind parameters dynamically is via the splat/spread operator (...
).
Assuming:
- you have a non-empty array of values to bind to your query and
- your array values are suitably processed as string type values in the context of the query and
- your input array is called
$values
Code for PHP5.6 and higher:
$stmt->bind_param(str_repeat('s', count($values)), ...$values);
In fact, all of the arguments fed to bind_param()
can be unpacked with the splat/spread operator if you wish -- the data types string just needs to be the first element of the array.
array_unshift($values, str_repeat('s', count($values)));
$stmt->bind_param(...$values);
In PHP you can pass a variable number of arguments to a function or method by using call_user_func_array
. An example for a method would be:
call_user_func_array(array(&$stmt, 'bindparams'), $array_of_params);
The function will be called with each member in the array passed as its own argument.