views:

35

answers:

3

I'm trying this (and all PoST var are treated before user send it, no SQL Injection worries):

$stmt = $con->prepare($sql);
$stmt->bindParam(":1", $this->getPes_cdpessoa());
$stmt->bindParam(":2", $this->getPdf_nupessoa_def());

When any of those vars are NULL, PDO cries and don't let execute my statement, and on my Table, i DO allow these fields beign nullables.

Is there any way to check if the values are empty, pdo just bind NULL to then (and i mean, a smart way instead if(empty($_POST['blablabla')...) for every single param?

+2  A: 

Try:

$stmt = $con->prepare($sql);
$stmt->bindParam(':1', $this->getPes_cdpessoa(), PDO::PARAM_NULL);
$stmt->bindParam(":2", $this->getPdf_nupessoa_def(), PDO::PARAM_NULL);

Also, see:

karim79
Does not work, still cries about null dates =\
alex
A: 

bindParam needs an actual variable to be passed to it, because it creates a reference. So, when your functions return null, bindParam doesn't really have anything valid to do.

You need to use bindValue instead. Note that bindValue will immediately use whatever value you pass to it, where bindParam waits until statement execution to actually retrieve the values to use.

zerocrates
if I use bindValue, all the security of Params are gone. All I wanted to do is Allow nulls..
alex
`bindValue` still gives you the same prepared-statement-and-placeholder goodness that you get with `bindParam`. The main differences are the time when the value is actually evaluated, and that you can't get DB output like you can with `bindParam`.
zerocrates
A: 

The Alternative syntax works:

$stmt = $con->prepare($sql);
$stmt->execute(array($this->getPes_cdpessoa(), $this->getPdf_nupessoa_def()));
hopeseekr