|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #40891 mysqli_stmt_bind_param should accept array of parameters to bind
Submitted: 2007-03-22 13:24 UTC Modified: 2017-10-24 07:55 UTC
Avg. Score:4.7 ± 0.7
Reproduced:8 of 9 (88.9%)
Same Version:2 (25.0%)
Same OS:1 (12.5%)
From: john dot navratil at sbcglobal dot net Assigned:
Status: Open Package: MySQLi related
PHP Version: 5.2.1 OS: Fedora Core 5
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
Solve the problem:
33 + 43 = ?
Subscribe to this entry?

 [2007-03-22 13:24 UTC] john dot navratil at sbcglobal dot net
I've read bug #31096 and this is a variant of the same bug, but I beseech you to reconsider.

The C API to mysql defines my_bool mysql_stmt_bind_param(MYSQL_STMT *stmt, MYSQL_BIND *bind) to accept an array of parameters to bind to a prepared statement.  PHP 5.2.1 does not and requires the number of parameters to match both the number of characters in the type string (essentially an array of types) and the number of parameters in the prepared statement.  This works well for static statements but makes dynamic statements impossible to prepare unless one resorts to something like:

$arr = <array-of-values-to-be-bound>
array_unshift($arr, $typeString);
call_user_func_array(array(& $mysqli, "stmt_bind_param"), $arr);

One can argue that this is sufficient (a point which I will concede), but the beauty of PHP is not in its sufficiency (machine code is sufficient, ultimately) but in its expressivity.  The foregoing is not very expressive, is tightly bound to the mysqli_stmt_bind_result signature, and does not mirror the underlying API (which is another PHP strong point).

Would you please consider a variant which accepts two arguments with the second being an array of values to bind to the prepared statement?



Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-01-01 23:52 UTC]
-Package: Feature/Change Request +Package: MySQLi related
 [2011-01-06 14:48 UTC]
-Assigned To: +Assigned To: mysql
 [2011-02-03 21:48 UTC] ndavis at tenablesecurity dot com
Agree with John. The current implementation makes writing a mysqli class much more complex than it needs to be. As of 5.3.3 the function signature is still the same.

You could overload bind_param() so that if there's 2 arguments, process the old way. If there's one argument, process it with the input array feature, as an array.

This would be a very good way to maintain backward compatibility.

The expected array input could be:
array('type'=>'value', etc)

This way we could feed an array to a statement value binding function and it would Just Work(tm) without needing to write our own class just to process input variables into the expected input. We can take an array, apply input filtering to it, and feed the array directly to the function.

The current implementation is rather inflexible and doesn't lend itself well to use inside a database class.

 [2017-10-24 07:55 UTC]
-Status: Assigned +Status: Open -Assigned To: mysql +Assigned To:
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Mar 01 14:01:24 2021 UTC