Link to home
Start Free TrialLog in
Avatar of jackjohnson44
jackjohnson44

asked on

php mysql parameters, can someone please explain this code?

I have no idea what this prepare, question marks, and other stuff do.  Can someone please explain?  Some code is missing, but this is the important stuff

        function create($input)
        {
            $params = array('xxxx',
                            $input->__get(first),
                            $input->__get(last),
                            date( 'Y-m-d H:i:s'),
                            date( 'Y-m-d H:i:s'));
            $query = "INSERT INTO user (first, last, createddate, lastmodifieddate) VALUES (?,?,?,?)";
            $this->msqlConn->exeDB($query, $params);
        }


    function exeDB($query, $parameters)
    {
        $this->getMySqliConnection();
        $st = $this->m_sqliconnection->prepare($query);
        if(mysqli_errno($this->m_sqliconnection))
        {
            die("ERROR");
        }

        $types = $param[0];
        unset($param[0]);
        $i = 0;
        foreach ($params as $param) {
           $bind_name = 'bind' . $i;
           $$bind_name = $param;
           $bind_names[] = &$$bind_name;
        }
        $bind_params[] = $types;
        $bind_params[] = array_merge($bind_params, $bind_names);
        $return = call_user_func_array(array($st, 'bind_param'),$params);
        if(!$st->execute())
        {
            die("Execute error : " . mysqli_error());
        }
        $st->close();
        $this->closeMySqliConnection();
    }
Avatar of NerdsOfTech
NerdsOfTech
Flag of United States of America image

getMySqliConnection() seems to be a user-defined class.

This user-defined class may have functions or properties associated with it.

You may want to search your database connection code for this class to learn more.

If the script is throwing errors, you may be missing the include that defines this user-defined class.
<?php
//example class
class MyClass
{
    const constant = 'constant value';
 
    function showConstant() {
        echo  self::constant . "\n";
    }
}
 
echo MyClass::constant . "\n";
 
$classname = "MyClass";
echo $classname::constant . "\n"; // As of PHP 5.3.0
 
$class = new MyClass();
$class->showConstant();
 
echo $class::constant."\n"; // As of PHP 5.3.0
?>

Open in new window

Avatar of jackjohnson44
jackjohnson44

ASKER

Thanks, I am more concerned with the prepare, and parameters stuff.  the getmysqlconn is just a function that returns a db connection.  It isn't too important.
check: m_sqliconnection

        $this->getMySqliConnection();
        $st = $this->m_sqliconnection->prepare($query);
        if(mysqli_errno($this->m_sqliconnection))

looks like a user defined class to me
prepare sounds like a query placeholder
sound like a sqli transaction here
Answered:
function exeDB($query, $parameters) takes Parameters and REPLACES each ? from left to right in
SQL query


            $params = array('xxxx',
                            $input->__get(first),
                            $input->__get(last),
                            date( 'Y-m-d H:i:s'),
                            date( 'Y-m-d H:i:s'));
            $query = "INSERT INTO user (first, last, createddate, lastmodifieddate) VALUES (?,?,?,?)";
            $this->msqlConn->exeDB($query, $params);
Thanks, but I am really not following at all.  What are the questionmarks for?  What is the array with xxxx for?  Why xxxx?  What does this mean?

        foreach ($params as $param) {
           $bind_name = 'bind' . $i;
           $$bind_name = $param;
           $bind_names[] = &$$bind_name;
        }
        $bind_params[] = $types;
        $bind_params[] = array_merge($bind_params, $bind_names);
        $return = call_user_func_array(array($st, 'bind_param'),$params);
Read my comments. Hope this helps
 function create($input)
        {
	    // build an array called params that corresponds to the values in SQL statement
             $params = array('xxxx',
                            $input->__get(first),
                            $input->__get(last),
                            date( 'Y-m-d H:i:s'),
                            date( 'Y-m-d H:i:s'));
 
	    // build SQL statement with ? marks to be later filled in by with params using the function exeDB
            $query = "INSERT INTO user (first, last, createddate, lastmodifieddate) VALUES (?,?,?,?)";
 
	    // execute SQL statement
            $this->msqlConn->exeDB($query, $params);
        }
 
 
    function exeDB($query, $parameters)
    {
        // this function executes an SQL statement; but first, we will do some replace work on the SQL
 
	// load db object
        $this->getMySqliConnection();
 
	// load query. in the SQL the ? marks is input the db is waiting for to replace with valid inputs
        $st = $this->m_sqliconnection->prepare($query);
        if(mysqli_errno($this->m_sqliconnection))
        {
            die("ERROR"); // query not valid
        }
 
	// extract the first parameter since it is not an input just a type value we will use later
        $types = $param[0];
	// delete the first parameter since it is not an input
        unset($param[0]);
 
        $i = 0;
	// loop through the actual values and create varibles named bind1, bind2, bind3, etc with values of parameters
	// combine them into an array call bind_names
        foreach ($params as $param) {
           $bind_name = 'bind' . $i;
           $$bind_name = $param;
           $bind_names[] = &$$bind_name;
        }
        $bind_params[] = $types;
        $bind_params[] = array_merge($bind_params, $bind_names);
        $return = call_user_func_array(array($st, 'bind_param'),$params);
 
	//execute the query with the values replaced in SQL
 
        if(!$st->execute())
        {
            die("Execute error : " . mysqli_error());
        }
        $st->close();
        $this->closeMySqliConnection();

Open in new window

Thanks so much for your help.  I really appreciate your patience here.  I think that now I understand most of it, although I still am foggy on one part.  again, thanks so much.  I am a little dense.

What does types refer to?  xxx doesn't mean anything (that I can think of) and why would it be pushed back into the array?  It looks like he is taking off the first element, which is the xxx and assigning it to types, then he is creating a new array bind_names which is just a copy of the first without the type (xxx) which he stripped off.  Then he is rebuilding the array exactly the same way it was.  Why does he loop?  Isn't he getting the same array as he started with?

He has an array, then loops and creates an associative array with the names bind(index), then just rebuilds it?

I just don't get this part:
        $bind_params[] = $types;
        $bind_params[] = array_merge($bind_params, $bind_names);
        $return = call_user_func_array(array($st, 'bind_param'),$params);
ASKER CERTIFIED SOLUTION
Avatar of NerdsOfTech
NerdsOfTech
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial