Asked  8 Months ago    Answers:  5   Viewed   33 times

It appears the class constants only cover PDO::PARAM_BOOL, PDO::PARAM_INT and PDO::PARAM_STR for binding. Do you just bind decimal / float / double values as strings or is there a better way to treat them?

MySQLi allows the 'd' type for double, it's surprising that PDO doesn't have an equivalent when it seems better in so many other ways.

 Answers

42

AFAIK PDO::PARAM_STR is the way to go.

Wednesday, March 31, 2021
 
Stefan
answered 8 Months ago
72

Your code looks fine to me. But I would suggest using mysql_fetch_assoc() instead of mysql_fetch_array(), so that keys are mapped to their values. Also, use mysql_real_escape_string() to prevent SQL injection.

 $query = "Select * from processed1 where record = '".mysql_real_escape_string($id)."'";
 $result = mysql_query($query);

 $data = array();

 while($row = mysql_fetch_assoc($result))
 {           
     $data[] = $row;               
 }
Wednesday, March 31, 2021
 
pwaring
answered 8 Months ago
21
$x = $x - floor($x);
Thursday, June 17, 2021
 
JakeGR
answered 5 Months ago
82

Last time I checked, it was not possible to prepare a statement where the affected columns were unknown at preparation time - but that thing seems to work - maybe your database system is more forgiving than those I am using (mainly Postgres).

What is clearly wrong is the implode() statement, as each variable should be handled by itself. You also need parentheses around the field list in the insert statement.

To insert user-defined fields, I think you have to do something like this (at least that's how I do it):

// Column names come from the keys of $a: here you have to trust your field names!
$fields=array_keys($a);
$values=array_values($a);
$fieldlist=implode(',',$fields);
// One "?," per field except the last; the final "?" is added in the SQL string.
$qs=str_repeat("?,",count($fields)-1);
$sql="insert into user($fieldlist) values({$qs}?)";
$q=$DBH->prepare($sql);
$q->execute($values);

If you cannot trust the field names in $a, you have to do something like

$fields=array();
$values=array();
foreach($a as $f=>$v){
   if(validfield($f)){   // keep only field names that pass the check
      $fields[]=$f;
      $values[]=$v;
   }
}

Where validfield is a function that you write that tests each field name and checks if it is valid (quick and dirty by making an associative array $valfields=array('name'=>1,'email'=>1, 'phone'=>1 ... and then checking for the value of $valfields[$f], or (as I would prefer) by fetching the field names from the server).

Tuesday, August 3, 2021
 
silvster27
answered 3 Months ago
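
An added example (not part of the answer above and not its author's code) of the allowlist approach that answer describes, with a decimal value bound as PDO::PARAM_STR as the first answer suggests. The table user_profile, its columns, ALLOWED_FIELDS and insertAllowlisted() are assumptions made for illustration, the sample input is constructed, and an in-memory SQLite database is used so it runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the only column names that may ever reach the SQL text.
const ALLOWED_FIELDS = ['name', 'email', 'phone', 'balance'];

// Hypothetical helper: inserts only allowlisted keys of $input; values are bound,
// never interpolated. Returns the names of the columns actually written.
function insertAllowlisted(PDO $dbh, array $input): array
{
    // Keep a key only if it matches an allowlist entry exactly (strict comparison).
    $row = array_filter(
        $input,
        fn($field) => in_array($field, ALLOWED_FIELDS, true),
        ARRAY_FILTER_USE_KEY
    );
    if ($row === []) {
        throw new InvalidArgumentException('no valid fields supplied');
    }

    $fieldList    = implode(', ', array_keys($row));
    $placeholders = implode(', ', array_fill(0, count($row), '?'));
    $stmt = $dbh->prepare("INSERT INTO user_profile ($fieldList) VALUES ($placeholders)");

    $i = 1;
    foreach ($row as $value) {
        // PDO has no float/decimal type constant, so decimals are bound as strings.
        $stmt->bindValue($i++, $value, PDO::PARAM_STR);
    }
    $stmt->execute();
    return array_keys($row);
}

// Constructed sample run against an in-memory SQLite database.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE user_profile (name TEXT, email TEXT, phone TEXT, balance NUMERIC)');

$written = insertAllowlisted($dbh, [
    'name'      => 'Alice',
    'balance'   => '19.99',      // decimal passed as a string
    'phone) --' => 'x',          // constructed malformed key, dropped by the allowlist
]);
print_r($written);
print_r($dbh->query('SELECT name, balance FROM user_profile')->fetchAll(PDO::FETCH_ASSOC));
```

Because the column list is built only from allowlisted names, a key that is not an exact match never reaches the SQL string, while every value travels through a placeholder.
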
23

Make sure that the type of $limit and $offset is set to PDO::PARAM_INT:

$limit = 20;
$offset = 0;

$stmt->bindParam(1, $limit,  PDO::PARAM_INT);
$stmt->bindParam(2, $offset, PDO::PARAM_INT);
Sunday, August 29, 2021
 
Benji
answered 2 Months ago