PHP PDOStatement: bindParam insertion data error problem analysis_PHP tutorial

Without further ado, let’s look at the code directly:

Copy the code The code is as follows:

$dbh = new PDO('mysql:host=localhost;dbname=test', "test");

$query = << INSERT INTO `user` (`username`, `password`) VALUES (:username, :password);
QUERY;
$statement = $dbh->prepare($query);

$bind_params = array(':username' => "laruence", ':password' => "weibo");
foreach( $bind_params as $key => $value ){
$statement->bindParam($key, $ value);
}
$statement->execute();

Excuse me, what is the SQL statement that is finally executed, and is there any problem with the above code?
Okey , I think most students will think that the final executed SQL is:
INSERT INTO `user` (`username`, `password`) VALUES ("laruence", "weibo");
But, it’s a pity Yes, you are wrong. The final SQL executed is:
INSERT INTO `user` (`username`, `password`) VALUES ("weibo", "weibo");
Isn’t this a big pitfall? What?
This problem comes from a bug report today: #63281
The reason is that the difference between bindParam and bindValue is that bindParam requires the second parameter to be a reference variable.
Let us disassemble the foreach of the above code, which is this foreach:

Copy the code The code is as follows:

< ;?php
foreach( $bind_params as $key => $value ){
$statement->bindParam($key, $value);
}

Equivalent to:

Copy code The code is as follows:

//First loop
$value = $bind_params[":username"];
$statement->bindParam(":username", &$value); //At this time, :username is a reference to the $value variable

//Second loop
$value = $bind_params[":password"]; //oops! $value is overwritten to the value of:password
$statement->bindParam(": password", &$value);

So, when using bindParam, pay special attention to the trap of using it in conjunction with foreach. So what is the correct approach?
1. Do not use foreach , but manually assign the value

Copy code The code is as follows:

$statement->bindParam (":username", $bind_params[":username"]); //$value is a reference variable
$statement->bindParam(":password", $bind_params[":password"]);

2. Use bindValue instead of bindParam, or pass the entire parameter array directly in execute.
3. Use foreach and reference (not recommended)

Copy the code The code is as follows:

foreach( $bind_params as $key => &$value ) { //Pay attention here
$ statement->bindParam($key, $value);
}

Finally, to elaborate, for functions that require parameters to be references and have lag processing, you must use foreach time, be cautious!

http://www.bkjia.com/PHPjc/825167.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/825167.htmlTechArticleWithout further ado, let’s look at the code directly: Copy the code as follows: ?php $dbh = new PDO('mysql :host=localhost;dbname=test', "test"); $query = QUERY INSERT INTO `user` (`username`, `passwor...