I need help with MySQLi prepared statements

gunnarflax 0 Junior Poster

13 Years Ago

Since no one answered to my previous thread about a similar issue I rephrase the problem and try my luck again :)

I have rather recently started working with prepared MySQLi-statements in php. From what I've learned is it supposed to be much more effective and secure so I've tried to adapt it to my projects as much as possible. The thing that always annoyed me with this technique is that I cannot figure out how to use it in the way you could without prepared statements to easily print out database information. I'm talking about this method:

$result = $mysqli->query("SELECT * FROM foo WHERE id='bar'");

while ($row = $mysqli->fetch_array($result)){
   echo "foo: ".$row['foo']."</br>";
   echo "bar: ".$row['bar'];
}

But now when I use prepared statements I'm forced to always have to set which variables are to be bound with the results from the query (mysqli_stmt::bind_result). What I want is to be able to dynamically bind the results to an array depending on how many results are found so that I can utilize a loop to print out several database posts. When searching for a solution to this I found this post on stackoverflow. I didn't fully understand how it works at first but I've studied it and tried to make sense out of it but only come so far. This is my implementation of this method:

public function execute($unprp_stmt, $data){
            //Prepare the stmt, $this->con is the mysqli-object
            $stmt = $this->con->prepare($unprp_stmt);
            //Get dynamically built parameter string for the bind_param method. E.g. 'issis'
            $paramstr = $this->get_paramstr($data);

            // Dynamically build up the arguments for bind_param
            $params = array();
            $params[] = $stmt;
            $params[] = $paramstr;

            foreach($data as $k => $v){
                $params[] = &$data[$k];
            }

            // and then call bind_param with the proper arguments
            call_user_func_array('mysqli_stmt_bind_param', $params);
            $stmt->execute();

            //So far everything works as it should, it's the following
            // part which I cannot understand how to make it work.
            //As you can see is it a direct implementation of the other
            // user's post and I don't really understand how his
            // function is supposed to work.

            $meta_data = mysqli_stmt_result_metadata($stmt);
            //print_r($meta_data);
            $fields = array();
            $out = array();

            $fields[0] = $stmt;
            $count = 1;

            while($field = mysqli_fetch_field($meta_data)) {
                $fields[$count] = &$out[$field->name];
                $count++;
            }

            //print_r($fields);
            
            call_user_func_array('mysqli_stmt_bind_result', $fields);
            return $stmt;
}

I'm not a pro on PHP so please be as thorough as you can when answering :) Thank you very much for taking your time!

1 Contributor
0 Replies
155 Views

Be the first to reply

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.