php mysql parameters, can someone please explain this code?

I have no idea what this prepare, question marks, and other stuff do.  Can someone please explain?  Some code is missing, but this is the important stuff

        function create($input)
        {
            $params = array('xxxx',
                            $input->__get(first),
                            $input->__get(last),
                            date( 'Y-m-d H:i:s'),
                            date( 'Y-m-d H:i:s'));
            $query = "INSERT INTO user (first, last, createddate, lastmodifieddate) VALUES (?,?,?,?)";
            $this->msqlConn->exeDB($query, $params);
        }


    function exeDB($query, $parameters)
    {
        $this->getMySqliConnection();
        $st = $this->m_sqliconnection->prepare($query);
        if(mysqli_errno($this->m_sqliconnection))
        {
            die("ERROR");
        }

        $types = $param[0];
        unset($param[0]);
        $i = 0;
        foreach ($params as $param) {
           $bind_name = 'bind' . $i;
           $$bind_name = $param;
           $bind_names[] = &$$bind_name;
        }
        $bind_params[] = $types;
        $bind_params[] = array_merge($bind_params, $bind_names);
        $return = call_user_func_array(array($st, 'bind_param'),$params);
        if(!$st->execute())
        {
            die("Execute error : " . mysqli_error());
        }
        $st->close();
        $this->closeMySqliConnection();
    }
jackjohnson44Asked:
Who is Participating?
 
NerdsOfTechConnect With a Mentor Technology ScientistCommented:
Your welcome. More details...

Yeah it looks like the same values going through some unnecessary loop.

I would check to see what this does with the 1st and 2nd paramters:
call_user_func_array

=NerdsOfTech
        // extract the first parameter since it is not an input just a type value we will use later
        $types = $param[0];
 
        // delete the first parameter since it is not an input
        unset($param[0]);
 
        $i = 0;
        // loop through the actual values
 
        // combine them into an array call bind_names
        foreach ($params as $param) {
           $bind_name = 'bind' . $i;						// bind1, bind2, etc
           $$bind_name = $param;         					// $bind1, $bind2, varibles created
           $bind_names[] = &$$bind_name; 			 		// $bind_names builds an array of (value, value, value, value)
        }
        $bind_params[] = $types;	 			 		// = xxxx
        $bind_params[] = array_merge($bind_params, $bind_names); 		// = (xxxx, value, value, value, value)
 
        $return = call_user_func_array(array($st, 'bind_param'),$params);	// = call_user_func_array(array(SQL statement, xxxx, value, value, value, value), xxxx, value, value, value, value)
 

Open in new window

0
 
NerdsOfTechTechnology ScientistCommented:
getMySqliConnection() seems to be a user-defined class.

This user-defined class may have functions or properties associated with it.

You may want to search your database connection code for this class to learn more.

If the script is throwing errors, you may be missing the include that defines this user-defined class.
<?php
//example class
class MyClass
{
    const constant = 'constant value';
 
    function showConstant() {
        echo  self::constant . "\n";
    }
}
 
echo MyClass::constant . "\n";
 
$classname = "MyClass";
echo $classname::constant . "\n"; // As of PHP 5.3.0
 
$class = new MyClass();
$class->showConstant();
 
echo $class::constant."\n"; // As of PHP 5.3.0
?>

Open in new window

0
 
jackjohnson44Author Commented:
Thanks, I am more concerned with the prepare, and parameters stuff.  the getmysqlconn is just a function that returns a db connection.  It isn't too important.
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
NerdsOfTechTechnology ScientistCommented:
check: m_sqliconnection

        $this->getMySqliConnection();
        $st = $this->m_sqliconnection->prepare($query);
        if(mysqli_errno($this->m_sqliconnection))

looks like a user defined class to me
0
 
NerdsOfTechTechnology ScientistCommented:
prepare sounds like a query placeholder
sound like a sqli transaction here
0
 
NerdsOfTechTechnology ScientistCommented:
Answered:
function exeDB($query, $parameters) takes Parameters and REPLACES each ? from left to right in
SQL query


            $params = array('xxxx',
                            $input->__get(first),
                            $input->__get(last),
                            date( 'Y-m-d H:i:s'),
                            date( 'Y-m-d H:i:s'));
            $query = "INSERT INTO user (first, last, createddate, lastmodifieddate) VALUES (?,?,?,?)";
            $this->msqlConn->exeDB($query, $params);
0
 
jackjohnson44Author Commented:
Thanks, but I am really not following at all.  What are the questionmarks for?  What is the array with xxxx for?  Why xxxx?  What does this mean?

        foreach ($params as $param) {
           $bind_name = 'bind' . $i;
           $$bind_name = $param;
           $bind_names[] = &$$bind_name;
        }
        $bind_params[] = $types;
        $bind_params[] = array_merge($bind_params, $bind_names);
        $return = call_user_func_array(array($st, 'bind_param'),$params);
0
 
NerdsOfTechTechnology ScientistCommented:
Read my comments. Hope this helps
 function create($input)
        {
	    // build an array called params that corresponds to the values in SQL statement
             $params = array('xxxx',
                            $input->__get(first),
                            $input->__get(last),
                            date( 'Y-m-d H:i:s'),
                            date( 'Y-m-d H:i:s'));
 
	    // build SQL statement with ? marks to be later filled in by with params using the function exeDB
            $query = "INSERT INTO user (first, last, createddate, lastmodifieddate) VALUES (?,?,?,?)";
 
	    // execute SQL statement
            $this->msqlConn->exeDB($query, $params);
        }
 
 
    function exeDB($query, $parameters)
    {
        // this function executes an SQL statement; but first, we will do some replace work on the SQL
 
	// load db object
        $this->getMySqliConnection();
 
	// load query. in the SQL the ? marks is input the db is waiting for to replace with valid inputs
        $st = $this->m_sqliconnection->prepare($query);
        if(mysqli_errno($this->m_sqliconnection))
        {
            die("ERROR"); // query not valid
        }
 
	// extract the first parameter since it is not an input just a type value we will use later
        $types = $param[0];
	// delete the first parameter since it is not an input
        unset($param[0]);
 
        $i = 0;
	// loop through the actual values and create varibles named bind1, bind2, bind3, etc with values of parameters
	// combine them into an array call bind_names
        foreach ($params as $param) {
           $bind_name = 'bind' . $i;
           $$bind_name = $param;
           $bind_names[] = &$$bind_name;
        }
        $bind_params[] = $types;
        $bind_params[] = array_merge($bind_params, $bind_names);
        $return = call_user_func_array(array($st, 'bind_param'),$params);
 
	//execute the query with the values replaced in SQL
 
        if(!$st->execute())
        {
            die("Execute error : " . mysqli_error());
        }
        $st->close();
        $this->closeMySqliConnection();

Open in new window

0
 
jackjohnson44Author Commented:
Thanks so much for your help.  I really appreciate your patience here.  I think that now I understand most of it, although I still am foggy on one part.  again, thanks so much.  I am a little dense.

What does types refer to?  xxx doesn't mean anything (that I can think of) and why would it be pushed back into the array?  It looks like he is taking off the first element, which is the xxx and assigning it to types, then he is creating a new array bind_names which is just a copy of the first without the type (xxx) which he stripped off.  Then he is rebuilding the array exactly the same way it was.  Why does he loop?  Isn't he getting the same array as he started with?

He has an array, then loops and creates an associative array with the names bind(index), then just rebuilds it?

I just don't get this part:
        $bind_params[] = $types;
        $bind_params[] = array_merge($bind_params, $bind_names);
        $return = call_user_func_array(array($st, 'bind_param'),$params);
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.