tags:

views:

53

answers:

1

Hi there!

I'm trying to do a little PDO CRUD to learn some PDO. I have a question about bindParam. Here's my update method right now:

public static function update($conditions = array(), $data = array(), $table = '')
{
    self::instance();

    // Late static bindings (PHP 5.3)
    $table = ($table === '') ? self::table() : $table;

    // Check which data array we want to use
    $values  = (empty($data)) ? self::$_fields : $data;

    $sql     = "UPDATE $table SET ";
    foreach ($values as $f => $v)
    {
        $sql .= "$f = ?, ";
    }

    // let's build the conditions
    self::build_conditions($conditions);

    // fix our WHERE, AND, OR, LIKE conditions
    $extra = self::$condition_string;

    // querystring
    $sql   = rtrim($sql, ', ') . $extra;

    // let's merge the arrays into on
    $v_val = array_values($values);
    $c_val = array_values($conditions);
    $array = array_merge($v_val, self::$condition_array);

    $stmt  = self::$db->prepare($sql);
    return $stmt->execute($array);
} 

in my "self::$condition_array" I get all the right values from the ?. SO the query looks like this:

UPDATE table SET this = ?, another = ? WHERE title = ? AND time = ?

as you can see I dont use bindParams instead I pass the right values in the right order ($array) directly into the execute($array) method. This works like a charm BUT is it safe not use use bindParam here?

If not then how can I do it?

Thanks from Sweden

Tobias

+1  A: 

Yes, it is safe. bindParam() associates a parameter with a variable, use it when you want value of a variable to be used when execute() is called. Otherwise what you are doing is fine.

PHP Docs on PDO bindParam()

Imran
Thank you! Imran
sandelius