Home/ Questions/Q 6320807
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T16:02:24+00:00

I’m new to PHP and MySQL (and programming in general) and I’m trying to

  • 0

I’m new to PHP and MySQL (and programming in general) and I’m trying to create a generic database handler class called Database_Handler that will help me manage basic things like insert, delete, select, update, etc.

I’m working on a member function to handle insert, currently. In my insert function, I would like to build a prepared PDO insert statement and execute it.

Assume that somewhere in my application, I have called the insert function as follows:

$table = "books";
$cols = array('author', 'title', 'pubdate');
$values = array('Bob Smith', 'Surviving the Zombie Apocalypse', '2010');

$db_handler->insert($table, $cols, $values);

How can I use the data from $table, $cols and $values to build a prepared PDO insert statement? Here’s my first effort, based on an answer from “How to insert an array into a single MySQL Prepared statement w/ PHP and PDO”.

public function insert($table, $cols, $values){

        $numvalues = count($values);

        $placeholder = array();
        for($i=0; $i<$numvalues; $i++)
        $placeholder[$i] = '?';

        $sql = 'INSERT INTO '. $table . '(' . implode(",", $cols) . ') ';
        $sql.= 'VALUES (' . implode("," $placeholder) . ')"';

        $stmt = $this->dbh->prepare($sql);
        $for($i=0; $i<$numvalues; $i++)
            $stmt->bindParam($i+1, $values[$i])
        $stmt->execute();
}

I don’t think this will work, but maybe it will give you an idea of what I want to do. I’m a little confused because the example given on the php.net manual is: 

$stmt = $dbh->prepare("INSERT INTO REGISTRY (name, value) VALUES (?, ?)");
$stmt->bindParam(1, $name);
$stmt->bindParam(2, $value);

// insert one row
$name = 'one';
$value = 1;
$stmt->execute();

It seems like they are sending $name as a parameter to the bindParam() funciton, then assigning a value to $name afterwards? What is the value of $name when it’s sent to bindParam()? Or does bindParam() just associate a parameter with a variable, without taking that variable’s data – allowing execute() to handle that part?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Yes, bindParam binds a parameter to a variable name (reference), not a value, as the manual says.

    However, there’s a simpler syntax for your situation. PDOStatement::execute can take an array of values.

    public function insert($table, $cols, $values){

    $placeholder = array();
    for ($i = 0; i < count($values); $i++)
      $placeholder[] = '?';

    $sql = 'INSERT INTO '. $table . ' (`' . implode("`, `", $cols) . '`) ';
    $sql.= 'VALUES (' . implode(", ", $placeholder) . ')';

    $stmt = $this->dbh->prepare($sql);
    $stmt->execute($values);

}
    • 0