Re: can I do this without eval?

"Nathan Nobbe" <quickshiftin@xxxxxxxxx> wrote in message 
news:7dd2dc0b0901221048g2f089cf9s36ecb9a5b35ab418@xxxxxxxxxxxxxxxxx
> On Thu, Jan 22, 2009 at 8:35 AM, Frank Stanovcak
> <blindspotpro@xxxxxxxxxxx>wrote:
>
>> I'm trying to build a prepared statement and dynamically bind the
>> variables to it. Since I use this on several different pages I didn't
>> want to build a huge bind statement hard coded on each page and then
>> have to maintain it every time there was a change.
>>
>> I despise having to use eval() and was hoping one of you had stumbled
>> upon this and found a better workaround for it.
>>
>> I've seen references to call_user_function_array, but couldn't find a
>> tutorial, or description that could make me understand how to use it.
>> I think the big problem with all of them was they expected me to know
>> oop, and that is on my plate to learn after I finish this project.
>>
>>
>> Frank
>>
>> ------------
>> //initialize a variable to let us know this is the first time through on
>> //the SET construction ($sqlstring already holds the "UPDATE ... SET" prefix)
>>  $i = true;
>>  $params = array();
>>  $ptype  = array();
>>
>> //step through all the FILTERED values to build the SET statement
>>  foreach($FILTERED as $key=>$value){
>>
>> //every value is bound through a ? placeholder, so no quoting is done here
>>  if($i){
>>   $sqlstring .= " $key = ?";
>>   $i = false;
>>  }else{
>>   $sqlstring .= ", $key = ?";
>>  }
>>
>> //build the list of variables to be bound during the mysqli prepared statement
>>  $params[] = "\$FILTERED['" . $key . "']";
>>
>> //build the list of types for use during the mysqli prepared statement
>>  if(in_array($key, $stringfields)){
>>   $ptype[] = 's';
>>  }elseif(in_array($key, $doublefields)){
>>   $ptype[] = 'd';
>>  }else{
>>   $ptype[] = 'i';
>>  }
>>  }
>>
>> //make sure we only update the row we are working on
>> //(bound as a parameter as well; pasting $FILTERED['BoL'] straight into the
>> //SQL would undo the point of the prepared statement. BoL is numeric.)
>>  $sqlstring .= ' WHERE BoL = ?';
>>  $params[] = "\$FILTERED['BoL']";
>>  $ptype[]  = 'i';
>>
>> //connect to the db
>>  include('c:\inetpub\security\connection.php');
>>
>> //ok...let's do this query
>> //use mysqli so we can use a prepared statement and avoid sql injection attacks
>>  $stmt = mysqli_prepare($iuserConnect, $sqlstring);
>>  if(!$stmt){
>>  //no statement object exists yet, so the error is on the connection
>>  die(mysqli_error($iuserConnect));
>>  }
>>
>> //implode the two variables to be used in the mysqli bind statement so
>> //they are in the proper formats
>>  $params = implode(", ", $params);
>>  $ptype = implode('', $ptype);
>>
>> <--------------------------------------------------->
>> <----- is there a better way to accomplish this? ----->
>> <--------------------------------------------------->
>> //run an eval to build the mysqli bind statement with the string list of
>> //variables to be bound
>>  eval("\$check = mysqli_stmt_bind_param(\$stmt, '$ptype', $params);");
>>  if(!$check){
>>  die(mysqli_stmt_error($stmt) . '<br><br>');
>>  }
>>
>
> yeah, I'd try call_user_func_array(),
>
> omit the line to create a string out of the $params, then merge the later
> arguments into an array w/ the first 2 args
>
> #$params = implode(", ", $params);
> $check = call_user_func_array('mysqli_stmt_bind_param',
> array_merge(array($stmt, $ptype), $params));
>
> something like that, I think, should do the trick.
>
> -nathan
>

Thanks Nathan!
Just to make sure I understand call_user_func_array, and how it operates.
Its first parameter is the name of the function...any function, which is part
of what made it so confusing to me...and the second parameter is an array
that will be used to populate the parameters of the called function as a
comma separated list.

Please tell me if I got any of that wrong.  This is how I learn!

Frank 
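An added example, not code from anyone in this thread, showing the eval-free version of the poster's loop end to end in PHP. call_user_func_array() does spread the array elements out as the called function's parameters, exactly as described above, but mysqli_stmt_bind_param() takes each value by reference, so the array has to hold references (an array of plain values fails with "Parameter 3 expected to be a reference, value given"). The example also binds the WHERE value instead of concatenating it, and checks column names against an allow-list, since a column name cannot be bound as a ? placeholder. The table name `shipments`, the key column `BoL`, the column lists and the sample input are assumptions made for the illustration.

```php
<?php
// Added example, not code from this thread. Assumed for illustration:
// the table `shipments`, the key column `BoL`, and the column lists below.

// Pick the mysqli type character for a column from the caller's column lists.
function typeFor($col, array $stringFields, array $doubleFields)
{
    if (in_array($col, $stringFields, true)) {
        return 's';
    }
    if (in_array($col, $doubleFields, true)) {
        return 'd';
    }
    return 'i';
}

// Build "UPDATE t SET a = ?, b = ? WHERE key = ?" from an associative array.
// Returns the SQL, the mysqli type string and the values in bind order.
// Column names cannot be bound as ?, so each one is checked against the
// allow-list (every column the caller has a type for) before it is
// interpolated; a name taken straight from the request must not reach the SQL.
function buildUpdate(array $filtered, $table, $keyCol,
                     array $stringFields, array $doubleFields, array $intFields)
{
    $allowed = array_merge($stringFields, $doubleFields, $intFields);
    if (!in_array($keyCol, $allowed, true) || !array_key_exists($keyCol, $filtered)) {
        throw new InvalidArgumentException("key column $keyCol missing");
    }
    $set = array();
    $types = '';
    $values = array();
    foreach ($filtered as $col => $value) {
        if ($col === $keyCol) {
            continue;                       // belongs in WHERE, not SET
        }
        if (!in_array($col, $allowed, true)) {
            throw new InvalidArgumentException("unknown column: $col");
        }
        $set[] = "`$col` = ?";
        $types .= typeFor($col, $stringFields, $doubleFields);
        $values[] = $value;
    }
    if (!$set) {
        throw new InvalidArgumentException('nothing to update');
    }
    $sql = "UPDATE `$table` SET " . implode(', ', $set) . " WHERE `$keyCol` = ?";
    $types .= typeFor($keyCol, $stringFields, $doubleFields);
    $values[] = $filtered[$keyCol];
    return array($sql, $types, $values);
}

// mysqli_stmt_bind_param() takes every value by reference, so an array of
// plain values handed to call_user_func_array() fails with
// "Parameter 3 expected to be a reference, value given". Build the argument
// list out of references first. (On PHP 5.6+ the same thing can be written
// as mysqli_stmt_bind_param($stmt, $types, ...$values).)
function bindAll(mysqli_stmt $stmt, $types, array $values)
{
    if (strlen($types) !== count($values)) {
        throw new InvalidArgumentException('type string and value count differ');
    }
    $args = array($stmt, $types);
    foreach (array_keys($values) as $i) {
        $args[] = &$values[$i];
    }
    return call_user_func_array('mysqli_stmt_bind_param', $args);
}

// Constructed sample input, standing in for the poster's $FILTERED array.
$filtered = array('BoL' => 12345, 'Carrier' => 'Acme', 'Weight' => 12.5, 'Pieces' => 3);
list($sql, $types, $values) = buildUpdate(
    $filtered, 'shipments', 'BoL',
    array('Carrier'), array('Weight'), array('Pieces', 'BoL')
);
echo $sql, "\n", $types, "\n";

// With a live connection (assumed here as $db, a mysqli object) the statement
// is prepared, bound and run in three calls, no eval needed:
// $stmt = $db->prepare($sql) or die($db->error);
// bindAll($stmt, $types, $values) or die($stmt->error);
// $stmt->execute() or die($stmt->error);
```

The allow-list is the part worth keeping even if everything else is changed: the values go through placeholders, but the keys of $FILTERED end up in the SQL text verbatim, so they must come from the script's own column lists rather than from whatever field names a request happens to carry.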



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

