can I do this without eval?

I'm trying to build a prepared statement and dynamically bind the variables 
to it. Since I use this on several different pages, I didn't want to build a 
huge bind statement hard coded on each page and then have to maintain it 
every time there was a change.

I despise having to use eval() and was hoping one of you had stumbled upon 
this and found a better workaround for it.

I've seen references to call_user_function_array, but couldn't find a 
tutorial, or description that could make me understand how to use it.
I think the big problem with all of them was they expected me to know OOP, 
and that is on my plate to learn after I finish this project.


Frank

------------
//initialize a variable to let us know this is the first time through on
//the SET construction
 $i = true;

//step through all the FILTERED values to build the SET statement
 foreach($FILTERED as $key=>$value){

//add a ? placeholder for each field, comma separated after the first one
  if($i){
   $sqlstring .= " $key = ?";
   $i = false;
  }else{
   $sqlstring .= ", $key = ?";
  };

//build the list of variables to be bound during the mysqli prepared statements
  $params[] = "\$FILTERED['" . $key . "']";

//build the list of types for use during the mysqli prepared statements
//switch(true) so the first case whose in_array() test is true gets picked
  switch(true){
  case in_array($key, $stringfields):
   $ptype[] = 's';
   break;

  case in_array($key, $doublefields):
   $ptype[] = 'd';
   break;

  default:
   $ptype[] = 'i';
  };
 };

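//make sure we only update the row we are working on
//bind BoL as a parameter too instead of concatenating it into the SQL
 $sqlstring .= ' WHERE BoL = ?';
 $params[] = "\$FILTERED['BoL']";
 $ptype[] = in_array('BoL', $stringfields) ? 's' : (in_array('BoL', $doublefields) ? 'd' : 'i');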

//connect to the db
 include('c:\inetpub\security\connection.php');

//ok...let's do this query
//use mysqli so we can use a prepared statement and avoid sql insert attacks
 $stmt = mysqli_prepare($iuserConnect, $sqlstring);
 if(!$stmt){
//there is no statement handle when prepare fails, so ask the connection
  die(mysqli_error($iuserConnect));
 };

//implode the two variables to be used in the mysqli bind statement so they
//are in the proper formats
 $params = implode(", ", $params);
 $ptype = implode('', $ptype);

//<--------------------------------------------------->
//<----- is there a better way to accomplish this? ----->
//<--------------------------------------------------->
//run an eval to build the mysqli bind statement with the string list of
//variables to be bound
 eval("\$check = mysqli_stmt_bind_param(\$stmt, '$ptype', $params);");
 if(!$check){
  die(mysqli_stmt_error($stmt) . '<br><br>');
 };
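
As an added example (not part of the original post), here is one way to bind a variable-length parameter list without eval(), using call_user_func_array() in procedural style. The table name `shipments`, the `$intfields` list, the integer type for BoL and the sample row are assumptions made for illustration.

```php
<?php
// Added example. `shipments`, $intfields and the sample row are constructed;
// BoL is assumed to be an integer key column.
// Returns [sql, types, values]. Column names cannot be bound as parameters,
// so every key is checked against an allow-list before it enters the SQL.
function build_update(array $FILTERED, array $stringfields, array $doublefields, array $intfields): array
{
    $set = []; $types = ''; $values = [];
    foreach ($FILTERED as $key => $value) {
        if ($key === 'BoL') { continue; }   // bound in the WHERE clause below
        if (in_array($key, $stringfields, true))     { $types .= 's'; }
        elseif (in_array($key, $doublefields, true)) { $types .= 'd'; }
        elseif (in_array($key, $intfields, true))    { $types .= 'i'; }
        else { throw new InvalidArgumentException('unexpected column name'); }
        $set[] = "`$key` = ?";
        $values[] = $value;
    }
    if (!$set || !isset($FILTERED['BoL'])) {
        throw new InvalidArgumentException('nothing to update or no BoL');
    }
    $types .= 'i';
    $values[] = $FILTERED['BoL'];
    return ['UPDATE shipments SET ' . implode(', ', $set) . ' WHERE BoL = ?',
            $types, $values];
}

function run_update(mysqli $link, string $sql, string $types, array $values): void
{
    $stmt = mysqli_prepare($link, $sql);
    if (!$stmt) {
        throw new RuntimeException(mysqli_error($link));
    }
    // bind_param takes its variables by reference, so hand it references.
    // On PHP 5.6+ mysqli_stmt_bind_param($stmt, $types, ...$values) also works.
    $args = [$stmt, $types];
    foreach (array_keys($values) as $i) {
        $args[] = &$values[$i];
    }
    if (!call_user_func_array('mysqli_stmt_bind_param', $args) || !mysqli_stmt_execute($stmt)) {
        throw new RuntimeException(mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
}

// Constructed sample input; only the query text and type string are printed.
$FILTERED = ['BoL' => 1001, 'Carrier' => 'Acme Freight', 'Weight' => 412.5, 'Pieces' => 12];
[$sql, $types, $values] = build_update($FILTERED, ['Carrier'], ['Weight'], ['Pieces']);
echo $sql, "\n", $types, "\n";
```

Calling run_update() needs an open mysqli connection; build_update() runs on its own and no user-supplied string is ever evaluated as code or placed in the SQL text unchecked.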
 


