
php mysql parameters, can someone please explain this code?

I have no idea what this prepare, question marks, and other stuff do.  Can someone please explain?  Some code is missing, but this is the important stuff

        function create($input)
        {
            $params = array('xxxx',
                            $input->__get(first),
                            $input->__get(last),
                            date( 'Y-m-d H:i:s'),
                            date( 'Y-m-d H:i:s'));
            $query = "INSERT INTO user (first, last, createddate, lastmodifieddate) VALUES (?,?,?,?)";
            $this->msqlConn->exeDB($query, $params);
        }


    function exeDB($query, $parameters)
    {
        $this->getMySqliConnection();
        $st = $this->m_sqliconnection->prepare($query);
        if(mysqli_errno($this->m_sqliconnection))
        {
            die("ERROR");
        }

        $types = $param[0];
        unset($param[0]);
        $i = 0;
        foreach ($params as $param) {
           $bind_name = 'bind' . $i;
           $$bind_name = $param;
           $bind_names[] = &$$bind_name;
        }
        $bind_params[] = $types;
        $bind_params[] = array_merge($bind_params, $bind_names);
        $return = call_user_func_array(array($st, 'bind_param'),$params);
        if(!$st->execute())
        {
            die("Execute error : " . mysqli_error());
        }
        $st->close();
        $this->closeMySqliConnection();
    }
0
jackjohnson44
Asked:
1 Solution
 
NerdsOfTech (Technology Scientist) Commented:
getMySqliConnection() seems to be a user-defined class.

This user-defined class may have functions or properties associated with it.

You may want to search your database connection code for this class to learn more.

If the script is throwing errors, you may be missing the include that defines this user-defined class.
<?php
//example class
class MyClass
{
    const constant = 'constant value';
 
    function showConstant() {
        echo  self::constant . "\n";
    }
}
 
echo MyClass::constant . "\n";
 
$classname = "MyClass";
echo $classname::constant . "\n"; // As of PHP 5.3.0
 
$class = new MyClass();
$class->showConstant();
 
echo $class::constant."\n"; // As of PHP 5.3.0
?>

0
 
jackjohnson44 (Author) Commented:
Thanks, I am more concerned with the prepare and parameters stuff.  The getmysqlconn is just a function that returns a db connection.  It isn't too important.
0
 
NerdsOfTech (Technology Scientist) Commented:
check: m_sqliconnection

        $this->getMySqliConnection();
        $st = $this->m_sqliconnection->prepare($query);
        if(mysqli_errno($this->m_sqliconnection))

looks like a user defined class to me
0

 
NerdsOfTech (Technology Scientist) Commented:
prepare sounds like a query placeholder
sounds like a sqli transaction here
0
 
NerdsOfTech (Technology Scientist) Commented:
Answered:
function exeDB($query, $parameters) takes Parameters and REPLACES each ? from left to right in SQL query


            $params = array('xxxx',
                            $input->__get(first),
                            $input->__get(last),
                            date( 'Y-m-d H:i:s'),
                            date( 'Y-m-d H:i:s'));
            $query = "INSERT INTO user (first, last, createddate, lastmodifieddate) VALUES (?,?,?,?)";
            $this->msqlConn->exeDB($query, $params);
0
 
jackjohnson44 (Author) Commented:
Thanks, but I am really not following at all.  What are the question marks for?  What is the array with xxxx for?  Why xxxx?  What does this mean?

        foreach ($params as $param) {
           $bind_name = 'bind' . $i;
           $$bind_name = $param;
           $bind_names[] = &$$bind_name;
        }
        $bind_params[] = $types;
        $bind_params[] = array_merge($bind_params, $bind_names);
        $return = call_user_func_array(array($st, 'bind_param'),$params);
0
 
NerdsOfTech (Technology Scientist) Commented:
Read my comments. Hope this helps
    function create($input)
    {
        // build an array called params that corresponds to the values in the SQL statement
        $params = array('xxxx',
                        $input->__get(first),
                        $input->__get(last),
                        date( 'Y-m-d H:i:s'),
                        date( 'Y-m-d H:i:s'));

        // build SQL statement with ? marks to be filled in later with params by the function exeDB
        $query = "INSERT INTO user (first, last, createddate, lastmodifieddate) VALUES (?,?,?,?)";

        // execute SQL statement
        $this->msqlConn->exeDB($query, $params);
    }


    function exeDB($query, $parameters)
    {
        // this function executes an SQL statement; but first, we will do some replace work on the SQL

        // load db object
        $this->getMySqliConnection();

        // load query. in the SQL, the ? marks are inputs the db is waiting to replace with valid values
        $st = $this->m_sqliconnection->prepare($query);
        if(mysqli_errno($this->m_sqliconnection))
        {
            die("ERROR"); // query not valid
        }

        // extract the first parameter since it is not an input, just a type value we will use later
        $types = $param[0];
        // delete the first parameter since it is not an input
        unset($param[0]);

        $i = 0;
        // loop through the actual values and create variables named bind1, bind2, bind3, etc. with the values of the parameters
        // combine them into an array called bind_names
        foreach ($params as $param) {
           $bind_name = 'bind' . $i;
           $$bind_name = $param;
           $bind_names[] = &$$bind_name;
        }
        $bind_params[] = $types;
        $bind_params[] = array_merge($bind_params, $bind_names);
        $return = call_user_func_array(array($st, 'bind_param'),$params);

        // execute the query with the values replaced in SQL

        if(!$st->execute())
        {
            die("Execute error : " . mysqli_error());
        }
        $st->close();
        $this->closeMySqliConnection();
    }

0
 
jackjohnson44 (Author) Commented:
Thanks so much for your help.  I really appreciate your patience here.  I think that now I understand most of it, although I still am foggy on one part.  Again, thanks so much.  I am a little dense.

What does types refer to?  xxx doesn't mean anything (that I can think of) and why would it be pushed back into the array?  It looks like he is taking off the first element, which is the xxx and assigning it to types, then he is creating a new array bind_names which is just a copy of the first without the type (xxx) which he stripped off.  Then he is rebuilding the array exactly the same way it was.  Why does he loop?  Isn't he getting the same array as he started with?

He has an array, then loops and creates an associative array with the names bind(index), then just rebuilds it?

I just don't get this part:
        $bind_params[] = $types;
        $bind_params[] = array_merge($bind_params, $bind_names);
        $return = call_user_func_array(array($st, 'bind_param'),$params);
0
 
NerdsOfTech (Technology Scientist) Commented:
You're welcome. More details...

Yeah it looks like the same values going through some unnecessary loop.

I would check to see what this does with the 1st and 2nd parameters:
call_user_func_array

=NerdsOfTech
        // extract the first parameter since it is not an input just a type value we will use later
        $types = $param[0];
 
        // delete the first parameter since it is not an input
        unset($param[0]);
 
        $i = 0;
        // loop through the actual values
 
        // combine them into an array called bind_names
        foreach ($params as $param) {
           $bind_name = 'bind' . $i;         // bind1, bind2, etc
           $$bind_name = $param;             // $bind1, $bind2, variables created
           $bind_names[] = &$$bind_name;     // $bind_names builds an array of (value, value, value, value)
        }
        $bind_params[] = $types;                                    // = xxxx
        $bind_params[] = array_merge($bind_params, $bind_names);    // = (xxxx, value, value, value, value)

        $return = call_user_func_array(array($st, 'bind_param'),$params);   // = call_user_func_array(array(SQL statement, xxxx, value, value, value, value), xxxx, value, value, value, value)
 

0
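An added example, not code from any participant in this thread: in mysqli, the first argument to `bind_param()` is a type string with one letter per `?`, and the bound values are sent to the server separately from the SQL text. The sketch below shows a working `exeDB()` along those lines. It assumes PHP 5.6+ with the mysqli extension and a reachable MySQL server holding the thread's `user` table; the connection values and the sample name are placeholders constructed for illustration.

```php
<?php
// Added example, not the thread's code. Connection values are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli throws on failure

// $parameters[0] is the bind_param() type string, one letter per "?":
// s = string, i = integer, d = double, b = blob. The rest are the values.
function exeDB(mysqli $conn, $query, array $parameters)
{
    $types  = (string) array_shift($parameters);
    $values = array_values($parameters);

    // 'xxxx' would be rejected here: x is not a mysqli type letter.
    if (strlen($types) !== count($values)
        || strspn($types, 'sidb') !== strlen($types)) {
        throw new InvalidArgumentException('need one of s/i/d/b per bound value');
    }

    // The server parses the SQL while it still contains the "?" markers.
    $st = $conn->prepare($query);
    if ($values) {
        // bind_param() takes its arguments by reference; unpacking an array
        // variable satisfies that without the bind0, bind1, ... loop.
        $st->bind_param($types, ...$values);
    }
    // Values travel separately from the SQL text, so a quote inside a value
    // cannot end a string literal or change the statement.
    $st->execute();
    $affected = $st->affected_rows;
    $st->close();
    return $affected;
}

// Constructed sample input: a name containing a single quote.
$first = "O'Brien";
$last  = 'Example';
$now   = date('Y-m-d H:i:s');

$conn = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$rows = exeDB(
    $conn,
    'INSERT INTO user (first, last, createddate, lastmodifieddate) VALUES (?,?,?,?)',
    array('ssss', $first, $last, $now, $now)
);
echo "inserted {$rows} row(s)\n";
$conn->close();
```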
