PDO truncate string parameters

Question

I have this function to insert data to a table:

public static function insertSistema($name,$description,$created_at, $updated_at, $img_file_name, $img_content_type, $img_file_size, $img_updated_at, $visible, $description, $access_floors, $access_procedures, $access_datas, $access_histories, $access_incidences, $access_operations, $access_reports, $access_messagings)
{
    $conector = new Conexion("localhost","xrem_prueba");
    try
    {
        $con = $conector->Conectar();
        $con->exec('SET CHARACTER SET utf8');
        $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $consulta = $con->prepare("INSERT INTO systems (name, created_at, updated_at, img_file_name, img_content_type, img_file_size, img_updated_at, visible, description, access_floors, access_procedures, access_datas, access_histories, access_incidences, access_operations, access_reports, access_messagings ) VALUES (:name, :created_at, :updated_at, :img_file_name, :img_content_type, :img_file_size, :img_updated_at, :visible, :description, :access_floors, :access_procedures, :access_datas, :access_histories, :access_incidences, :access_operations, :access_reports, :access_messagings);");
        $consulta->bindParam(':name', $name, PDO::PARAM_STR, 57);
        $consulta->bindParam(':description', $description, PDO::PARAM_STR);
        $consulta->bindParam(':created_at', $created_at, PDO::PARAM_STR);
        $consulta->bindParam(':updated_at', $updated_at, PDO::PARAM_STR);
        $consulta->bindParam(':img_file_name', $img_file_name, PDO::PARAM_STR,255);
        $consulta->bindParam(':img_content_type', $img_content_type, PDO::PARAM_STR,255);
        $consulta->bindParam(':img_file_size', $img_file_size, PDO::PARAM_INT);
        $consulta->bindParam(':img_updated_at', $img_updated_at, PDO::PARAM_INT);
        $consulta->bindParam(':visible', $visible, PDO::PARAM_INT,1);
        $consulta->bindParam(':access_floors', $access_floors, PDO::PARAM_INT,1);
        $consulta->bindParam(':access_procedures', $access_procedures, PDO::PARAM_INT,1);
        $consulta->bindParam(':access_datas', $access_procedures, PDO::PARAM_INT,1);
        $consulta->bindParam(':access_histories', $access_procedures, PDO::PARAM_INT,1);
        $consulta->bindParam(':access_incidences', $access_procedures, PDO::PARAM_INT,1);
        $consulta->bindParam(':access_operations', $access_procedures, PDO::PARAM_INT,1);
        $consulta->bindParam(':access_reports', $access_reports, PDO::PARAM_INT,1);
        $consulta->bindParam(':access_messagings', $access_messagings, PDO::PARAM_INT,1);
        $datos = array('name'=>$name,
                       'description'=>$description,
                       'created_at'=>$created_at,
                       'updated_at'=>$updated_at,
                       'img_file_name'=>$img_file_name,
                       'img_content_type'=>$img_content_type,
                       'img_file_size'=>$img_file_size,
                       'img_updated_at'=>$img_updated_at,
                       'visible'=>$visible,
                       'access_floors'=>$access_floors,
                       'access_procedures'=>$access_procedures,
                       'access_datas'=>$access_datas,
                       'access_histories'=>$access_histories,
                       'access_incidences'=>$access_incidences,
                       'access_operations'=>$access_operations,
                       'access_reports'=>$access_reports,
                       'access_messagings'=>$access_messagings
        );
        $consulta->execute($datos);
        $conector = null;
        $con = null;
        return $consulta;
    }
    catch (Exception $e)
    {
        $conector = null;
        $con = null;
        throw $e;
    }
}

As you can see I have this $consulta->bindParam(':name', $name, PDO::PARAM_STR, 57); line 10: bindParam option and it suppouse to truncate 57 characters length, but it will insert any kind of characters, so it's not truncating.

Answer 1

The length parameter isn't used for truncation. It should only be used when the parameter comes from a stored procedure, and then, it's used to tell the length - not set it. You'll have to truncate the variable $name prior to binding it instead.

From the PHP Manual: "Length of the data type. To indicate that a parameter is an OUT parameter from a stored procedure, you must explicitly set the length."

Answer 2

How'd I did it

public static function insertSistema($name,$description,$created_at, $updated_at, $img_file_name, $img_content_type, $img_file_size, $img_updated_at, $visible, $description, $access_floors, $access_procedures, $access_datas, $access_histories, $access_incidences, $access_operations, $access_reports, $access_messagings)
{
    global $con;
    $data   = func_get_args();
    $qmarks = str_repeat('?,', count($data) - 1) . '?';
    $stmt   = $con->prepare("INSERT INTO systems VALUES (NULL,$qmarks");
    $stmt->execute($data);
}

and yes - I'd get rid of that long and windy parameter list too, swapping it for array