Menu
$sql = "SELECT * FROM table WHERE id LIKE CONCAT('%', :id, '%')
LIMIT :limit1, :limit2";
I want to still use the array input like this:
$stmt->execute($array);
Otherwise I cannot reuse the same method for executing my queries.
At the same time, the :limit1 and :limit2 doesn't work unless it is put in like this:
$stmt->bindParam(':limit1', $limit1, PDO::PARAM_INT);
I tried to do both but it doesn't execute with the bindParams:
$stmt->bindParam(':limit2', $limit2, PDO::PARAM_INT);
$stmt->execute($array);
What is the way around it?
I thought I could extend PDOStatement and add a new method "bindLimit" or something but I can't figure out what internal method PDO uses to bind parameters to a variable.
391
Array Binding: As per our need, we simply need to bind the PHP array to IN() clause and to obtain this functionality, we first need to convert the given array to the form acceptable by the IN() clause, which is a job carried out by PHP implode() function.
Return Values ¶ If the database server successfully prepares the statement, PDO::prepare() returns a PDOStatement object. If the database server cannot successfully prepare the statement, PDO::prepare() returns false or emits PDOException (depending on error handling).
PDO::exec() returns the number of rows that were modified or deleted by the SQL statement you issued.
To prepare and execute a single SQL statement that accepts no input parameters, use the PDO::exec or PDO::query method. Use the PDO::exec method to execute a statement that returns no result set.
If you turn off the default setting of PDO::ATTR_EMULATE_PREPARES, then it will work. I just found out that that setting is on by default for mysql, which means you never actually use prepared statements, php internally creates dynamic sql for you, quoting the values for you and replacing the placeholders. Ya, a major wtf.
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$stmt = $pdo->prepare($sql);
$stmt->execute(array(5)); //works!
The prepares are emulated by default because of performance reasons.
See as well PDO MySQL: Use PDO::ATTR_EMULATE_PREPARES or not?
157
As stated in the documentation for PDOStatement::execute:
input_parametersAn array of values with as many elements as there are bound parameters in the SQL statement being executed. All values are treated as
PDO::PARAM_STR.
For the most part, this goes entirely unnoticed as MySQL's implicit type conversion handles the rest (but it can cause some undesirable behaviour if MySQL is using a particularly weird connection character set, as converting strings of numbers back to their numeric value might not give the expected result).
In your case, MySQL is attempting to execute a LIMIT clause that has string arguments. Whilst it could attempt to resolve that using its implicit type conversion, as it does everywhere else a string appears where an integer should be, it simply doesn't bother and runs off crying instead.
So, you need to tell PDO that these particular parameters are integers. Since even PHP doesn't know what type its variables are, I believe the only way to do that is to directly bind them with either PDOStatement::bindParam or PDOStatement::bindValue as you are doing (although it isn't strictly necessary to specify the $data_type argument as a simple (int) cast of the $variable gives PHP's otherwise clueless type system enough to work with).
As far as the internal method PDO uses to bind parameters to a variable goes, take a look at really_register_bound_param() (unsurprisingly not exposed to PHP, so you'll be having lots of fun in C).
Good luck!
23
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
