Edit report at http://bugs.php.net/bug.php?id=40891&edit=1
ID: 40891
Comment by: ndavis at tenablesecurity dot com
Reported by: john dot navratil at sbcglobal dot net
Summary: mysqli_stmt_bind_param should accept array of
parameters to bind
Status: Assigned
Type: Feature/Change Request
Package: MySQLi related
Operating System: Fedora Core 5
PHP Version: 5.2.1
Assigned To: mysql
Block user comment: N
Private report: N
New Comment:
Agree with John. The current implementation makes writing a mysqli class
much more complex than it needs to be. As of 5.3.3 the function
signature is still the same.
You could overload bind_param() so that if there's 2 arguments, process
the old way. If there's one argument, process it with the input array
feature, as an array.
This would be a very good way to maintain backward compatibility.
The expected array input could be:
array('type'=>'value', etc)
This way we could feed an array to a statement value binding function
and it would Just Work(tm) without needing to write our own class just
to process input variables into the expected input. We can take an
array, apply input filtering to it, and feed the array directly to the
function.
The current implementation is rather inflexible and doesn't lend itself
well to use inside a database class.
thanks!
Previous Comments:
------------------------------------------------------------------------
[2007-03-22 13:24:04] john dot navratil at sbcglobal dot net
Description:
------------
I've read bug #31096 and this is a variant of the same bug, but I
beseech you to reconsider.
The C API to mysql defines my_bool mysql_stmt_bind_param(MYSQL_STMT
*stmt, MYSQL_BIND *bind) to accept an array of parameters to bind to a
prepared statement. PHP 5.2.1 does not and requires the number of
parameters to match both the number of characters in the type string
(essentially an array of types) and the number of parameters in the
prepared statement. This works well for static statements but makes
dynamic statements impossible to prepare unless one resorts to something
like:
$arr = <array-of-values-to-be-bound>
array_unshift($arr, $typeString);
call_user_func_array(array(& $mysqli, "stmt_bind_param"), $arr);
array_shift($arr);
One can argue that this is sufficient (a point which I will concede),
but the beauty of PHP is not in its sufficiency (machine code is
sufficient, ultimately) but in its expressivity. The foregoing is not
very expressive, is tightly bound to the mysqli_stmt_bind_result
signature, and does not mirror the underlying API (which is another PHP
strong point).
Would you please consider a variant which accepts two arguments with the
second being an array of values to bind to the prepared statement?
Thanks!
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=40891&edit=1
