I'm trying to build a prepared statment and dynamically bind the variables to it since I use this on severaly different pages I didn't want to build a huge bind statement hard coded on each page and then have to maintain it every time there was a change. I despise having to use eval() and was hoping one of you had stumbled upon this and found a better workaround for it. I've seen references to call_user_function_array, but couldn't find a tutorial, or description that could make me understand how to use it. I think the big problem with all of them was they expected me to know oop, and that is on my plate to learn after I finnish this project. Frank ------------ //initialize a variable to let us know this is the first time through on //the SET construction $i = true; //step through all the FILTERED values to build the SET statment foreach($FILTERED as $key=>$value){ //make sure we single quote the string fields if($i){ $sqlstring .= " $key = ?"; $i = false; }else{ $sqlstring .= ", $key = ?"; }; //build the list of variables to bound durring the mysqli prepared staments $params[] = "\$FILTERED['" . $key . "']"; //build the list of types for use durring the mysqli perepared statments switch($key){ case in_array($key, $stringfields): $ptype[] = 's'; break; case in_array($key, $doublefields): $ptype[] = 'd'; break; default: $ptype[] = 'i'; }; }; //make sure we only update the row we are working on $sqlstring .= ' WHERE BoL=' . $FILTERED['BoL']; //connect to the db include('c:\inetpub\security\connection.php'); //ok...let's do this query //use mysqli so we can use a prepared statment and avoid sql insert attacks $stmt = mysqli_prepare($iuserConnect, $sqlstring); if(!$stmt){ die(mysqli_stmt_error($stmt)); }; //implode the two variables to be used in the mysqli bind statment so they are in //the proper formats $params = implode(", ", $params); $ptype = implode('', $ptype); <---------------------------------------------------> <----- is there a better way to accomplish this? -----> <---------------------------------------------------> //run an eval to build the mysqli bind statment with the string list of variables //to be bound eval("\$check = mysqli_stmt_bind_param(\$stmt, '$ptype', $params);"); if(!$check){ die(mysqli_stmt_error($stmt) . '<br><br>'); }; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php