I'm trying to build a prepared statment and dynamically bind the variables
to it since I use this on severaly different pages I didn't want to build a
huge bind statement hard coded on each page and then have to maintain it
every time there was a change.
I despise having to use eval() and was hoping one of you had stumbled upon
this and found a better workaround for it.
I've seen references to call_user_function_array, but couldn't find a
tutorial, or description that could make me understand how to use it.
I think the big problem with all of them was they expected me to know oop,
and that is on my plate to learn after I finnish this project.
Frank
------------
//initialize a variable to let us know this is the first time through on
//the SET construction
$i = true;
//step through all the FILTERED values to build the SET statment
foreach($FILTERED as $key=>$value){
//make sure we single quote the string fields
if($i){
$sqlstring .= " $key = ?";
$i = false;
}else{
$sqlstring .= ", $key = ?";
};
//build the list of variables to bound durring the mysqli prepared staments
$params[] = "\$FILTERED['" . $key . "']";
//build the list of types for use durring the mysqli perepared statments
switch($key){
case in_array($key, $stringfields):
$ptype[] = 's';
break;
case in_array($key, $doublefields):
$ptype[] = 'd';
break;
default:
$ptype[] = 'i';
};
};
//make sure we only update the row we are working on
$sqlstring .= ' WHERE BoL=' . $FILTERED['BoL'];
//connect to the db
include('c:\inetpub\security\connection.php');
//ok...let's do this query
//use mysqli so we can use a prepared statment and avoid sql insert attacks
$stmt = mysqli_prepare($iuserConnect, $sqlstring);
if(!$stmt){
die(mysqli_stmt_error($stmt));
};
//implode the two variables to be used in the mysqli bind statment so they
are in
//the proper formats
$params = implode(", ", $params);
$ptype = implode('', $ptype);
<--------------------------------------------------->
<----- is there a better way to accomplish this? ----->
<--------------------------------------------------->
//run an eval to build the mysqli bind statment with the string list of
variables
//to be bound
eval("\$check = mysqli_stmt_bind_param(\$stmt, '$ptype', $params);");
if(!$check){
die(mysqli_stmt_error($stmt) . '<br><br>');
};
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
