PDO bindParam into one statement?

Question

Is there a way I can put these bindParam statements into one statement?

$q = $dbc -> prepare(\"INSERT INTO accounts (username, email, password) VALUES (:u         


        

Answer 1

Your Common Sense is totally right that the aim of coding is to save typing... but his solution doesn't help with the BindParams bit. I couldn't find anything else about this online, so here's something I finally just persuaded to work - I hope it's useful for someone!

//First, a function to add the colon for each field value.
function PrepareString($array){
//takes array (title,author);
//and returns the middle bit of pdo update query :title,:author etc 
    foreach($array as $k =>$v){
        $array[$k]=':'.$v;
    }
    return implode(', ', $array);
}

Then...

function PdoInsert($table_name,$array){

    $db = new PDO(); //however you create your own pdo

 //get $fields and $vals for statement
    $fields_vals=array_keys($array);
    $fields=implode(',',$fields_vals);
    $vals=PrepareString($fields_vals);
    $sql = "INSERT INTO $table_name($fields)    VALUES ($vals)";  

    $qwe=$db->prepare($sql);


    foreach ($array as $k =>$v ){
      //add the colon to the key
      $y=':'.$k;
        //god knows why it doesn't like $qwe->bindParam($y,$v,PDO::PARAM_STR);
        // but it really doesn't! So we refer back to $array.
        //add checks for different binding types here 

(see PDO::PARAM_INT is important in bindParam?)

        $qwe->bindParam($y,$array[$k],PDO::PARAM_STR);

    }
    if ($qwe->execute()==true){
        return $db->lastInsertId();  
    }
    else {
        return  $db->errorCode();
    }
}

Then you can insert anything by doing

PdoInsert('MyTableName',array('field1'=>$value1,'field2'=>$value2...));

Having previously sanitized your values of course.