On Thu, Jan 22, 2009 at 12:06 PM, Frank Stanovcak <blindspotpro@xxxxxxxxxxx> wrote:

>
> "Nathan Nobbe" <quickshiftin@xxxxxxxxx> wrote in message
> news:7dd2dc0b0901221048g2f089cf9s36ecb9a5b35ab418@xxxxxxxxxxxxxxxxx
> > On Thu, Jan 22, 2009 at 8:35 AM, Frank Stanovcak
> > <blindspotpro@xxxxxxxxxxx> wrote:
> >
> >> I'm trying to build a prepared statement and dynamically bind the
> >> variables to it. Since I use this on several different pages, I didn't
> >> want to build a huge bind statement hard coded on each page and then
> >> have to maintain it every time there was a change.
> >>
> >> I despise having to use eval() and was hoping one of you had stumbled
> >> upon this and found a better workaround for it.
> >>
> >> I've seen references to call_user_function_array, but couldn't find a
> >> tutorial, or description that could make me understand how to use it.
> >> I think the big problem with all of them was they expected me to know
> >> oop, and that is on my plate to learn after I finish this project.
> >>
> >>
> >> Frank
> >>
> >> ------------
> >> //initialize a variable to let us know this is the first time through on
> >> //the SET construction
> >> $i = true;
> >>
> >> //step through all the FILTERED values to build the SET statement
> >> foreach($FILTERED as $key=>$value){
> >>
> >>     //make sure we single quote the string fields
> >>     if($i){
> >>         $sqlstring .= " $key = ?";
> >>         $i = false;
> >>     }else{
> >>         $sqlstring .= ", $key = ?";
> >>     };
> >>
> >>     //build the list of variables to be bound during the mysqli prepared
> >>     //statements
> >>     $params[] = "\$FILTERED['" . $key . "']";
> >>
> >>     //build the list of types for use during the mysqli prepared statements
> >>     switch($key){
> >>         case in_array($key, $stringfields):
> >>             $ptype[] = 's';
> >>             break;
> >>
> >>         case in_array($key, $doublefields):
> >>             $ptype[] = 'd';
> >>             break;
> >>
> >>         default:
> >>             $ptype[] = 'i';
> >>     };
> >> };
> >>
> >> //make sure we only update the row we are working on
> >> $sqlstring .= ' WHERE BoL=' . $FILTERED['BoL'];
> >>
> >> //connect to the db
> >> include('c:\inetpub\security\connection.php');
> >>
> >> //ok...let's do this query
> >> //use mysqli so we can use a prepared statement and avoid sql insert
> >> //attacks
> >> $stmt = mysqli_prepare($iuserConnect, $sqlstring);
> >> if(!$stmt){
> >>     //no statement handle exists here, so report the connection's error
> >>     die(mysqli_error($iuserConnect));
> >> };
> >>
> >> //implode the two variables to be used in the mysqli bind statement so
> >> //they are in the proper formats
> >> $params = implode(", ", $params);
> >> $ptype = implode('', $ptype);
> >>
> >> <--------------------------------------------------->
> >> <----- is there a better way to accomplish this? ----->
> >> <--------------------------------------------------->
> >> //run an eval to build the mysqli bind statement with the string list of
> >> //variables to be bound
> >> eval("\$check = mysqli_stmt_bind_param(\$stmt, '$ptype', $params);");
> >> if(!$check){
> >>     die(mysqli_stmt_error($stmt) . '<br><br>');
> >> };
> >>
> >
> > yeah, id try call_user_func_array(),
> >
> > omit the line to create a string out of the $params, then merge the later
> > arguments into an array w/ the first 2 args
> >
> > #$params = implode(", ", $params);
> > $check = call_user_func_array('mysqli_stmt_bind_param',
> >     array_merge(array($stmt, $ptype), $params));
> >
> > something like that i think should do the trick.
> >
> > -nathan
> >
>
> Thanks Nathan!

np, please keep responses on list tho, so the conversations end up in the
archives for future benefit.

> Just to make sure I understand call_user_func_array, and how it operates.
> Its first parameter is the name of the function...any function, which is
> part of what made it so confusing to me...and the second parameter is an
> array that will be used to populate the parameters of the called function
> as a comma separated list.
>

yes, that's correct, however the first argument is of the php pseudo-type
callback, which can take one of 3 forms

. string of a global function name
. array containing, [handle to an object, name of an instance method (string)]
. array containing, [name of a class (string), name of a static method (string)]

you can find more on the php manual page about pseudo types
http://us2.php.net/manual/en/language.pseudo-types.php#language.types.callback

-nathan
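
The dynamic binding discussed in this thread, written without eval() as an added example that is not part of either poster's messages. It passes references because mysqli_stmt_bind_param() takes its variables by reference, checks each key against an allow-list because column names cannot be bound, and binds the BoL value instead of concatenating it. Assumptions: the names build_update() and bind_all(), the `shipments` table, the $intfields list, the sample columns, and BoL being an integer.

```php
<?php
// Added example: build_update(), bind_all(), the table and the columns are hypothetical.

// Returns [sql, types, values] for "UPDATE ... SET col = ?, ... WHERE BoL = ?".
// Placeholders cannot stand in for column names, so every key is checked
// against an allow-list before it is written into the SQL text.
function build_update(string $table, array $filtered, array $stringfields,
                      array $doublefields, array $intfields): array
{
    if (!isset($filtered['BoL'])) {
        throw new InvalidArgumentException('BoL is required to select the row');
    }
    $set = []; $types = ''; $values = [];
    foreach ($filtered as $key => $value) {
        if ($key === 'BoL') continue;            // row key belongs in WHERE, not SET
        if (in_array($key, $stringfields, true))      $types .= 's';
        elseif (in_array($key, $doublefields, true))  $types .= 'd';
        elseif (in_array($key, $intfields, true))     $types .= 'i';
        else throw new InvalidArgumentException("Unexpected column: $key");
        $set[] = "`$key` = ?";
        $values[] = $value;
    }
    if (!$set) {
        throw new InvalidArgumentException('Nothing to update');
    }
    $types .= 'i';                               // assumed: BoL is an integer key
    $values[] = $filtered['BoL'];                // bound, not concatenated
    $sql = "UPDATE `$table` SET " . implode(', ', $set) . ' WHERE BoL = ?';
    return [$sql, $types, $values];
}

// Bind a variable-length value list. The argument array holds references into
// $values, which is what mysqli_stmt_bind_param() expects to receive.
function bind_all(mysqli_stmt $stmt, string $types, array &$values): bool
{
    $args = [$stmt, $types];
    foreach (array_keys($values) as $i) {
        $args[] = &$values[$i];
    }
    return call_user_func_array('mysqli_stmt_bind_param', $args);
}

// Constructed sample input; no database is needed to inspect the SQL and types.
[$sql, $types, $values] = build_update(
    'shipments',
    ['BoL' => 1001, 'Carrier' => "O'Neil Freight", 'Weight' => 12.5, 'Pieces' => 4],
    ['Carrier'], ['Weight'], ['Pieces']
);
echo $sql, "\n", $types, "\n";
// With a live connection ($iuserConnect on this page):
// $stmt = mysqli_prepare($iuserConnect, $sql);
// bind_all($stmt, $types, $values) && mysqli_stmt_execute($stmt);
```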