Is the Leading Colon For Parameter Names Passed to Pdostatement::Bindparam() Optional

Is the leading colon for parameter names passed to PDOStatement::bindParam() optional?

No, since the documentation doesn't mention this I think it's safe to assume that this behaviour isn't officially supported and shouldn't be relied upon.

However, it does actually happen to work (in PHP 5.3.24 at least) - internally a colon will be added to the parameter if it's missing (see ext/pdo/pdo_stmt.c:363 in the PHP 5.3.24 source code).

PDO prepared statement - what are colons in parameter names used for?

Colons are required in the SQL statement, to indicate which identifiers are placeholders.

Colons in the execute() or bindParam() calls are optional. The documentation specifies them, but the implementation is clever enough to figure out what you mean if you leave them out (what else could you mean?).

PHP PDO using bindParam first argument without colon

This post explains why the use of the colon is needed.

Is the leading colon for parameter names passed to PDOStatement::bindParam() optional?

From the post:

No, since the documentation doesn't mention this I think it's safe to
assume that this behaviour isn't officially supported and shouldn't be
relied upon.

However, it does actually happen to work (in PHP 5.3.24 at least) -
internally a colon will be added to the parameter if it's missing (see
ext/pdo/pdo_stmt.c:363 in the PHP 5.3.24 source code).

What does the colon mean in :name when using php bindParam

That maps to the named placeholder in the query. It is not required for the binding, the driver will auto-added it if not present.

In your code you have

$sth = $dbh->prepare('SELECT name, colour, calories
    FROM fruit
    WHERE calories < :calories AND colour = :colour');
                     ^^^^^^^^^              ^^^^^^^

The driver reads anything with the : and trailing text as a placeholder. It then swaps that content with the value being bound, escapes all special characters, and quotes the string.

So then your bindparam has

:calories and :colour which match up to each of those. Let's say $calories had o'brien. When the query went to the DB it would be:

SELECT name, colour, calories
FROM fruit
WHERE calories < 'o\'brien'

PDO also supports unnamed placeholders which are just question marks ?. You bind these by position.

$sth = $dbh->prepare('SELECT name, colour, calories
        FROM fruit
        WHERE calories < ? AND colour = ?');

and then use a 1 because it is the first placeholder.

$sth->bindParam(1, $calories, PDO::PARAM_INT);

Additionally you can just pass all values to the execute function as an array and it will do the binding as well.

Regardless of bindparam or execute binding you have to address the binding by how you use it in the query. Unnamed is positional, named is by name.

PHP - PDO Prepared statment, Warning: PDOStatement::bindParam() expects at least 2 parameters

PDOStatement::bindParam ( mixed $parameter , mixed &$variable )

$parameter: Parameter identifier. For a prepared statement using named placeholders, this will be a parameter name of the form :name. For a prepared statement using question mark placeholders, this will be the 1-indexed position of the parameter.

$variable: Name of the PHP variable to bind to the SQL statement parameter.

You'll want to use:

$this->query->bindParam(':full_name', $this->order);

For more information read PDOStatement::bindParam.

ERRROR PDOStatement::bindParam() expects parameter 3 to be long, string given

Replace

$statement = $db->prepare($sql);
$statement->bindParam("ss", $type, $name);

with

$statement = $db->prepare($sql);
$statement->bindParam(1, $type, PDO::PARAM_STR);
$statement->bindParam(2, $name, PDO::PARAM_STR);

For more information, refer to the manual PDO Bind Param

SQLSTATE[HY093]: Invalid parameter number PHP PDO + MYSQL - form

The last insert are wrong, are missing two named placedholeders, :celular( maybe could be :telefono), :materno (:amaterno) does not exists

        $insertar1 = $this->bd->prepare("INSERT INTO socios(nombre,apaterno,amaterno,cargo,grado,tipodocumento,genero,celular,correooficina,estado,id_empresa)
        values(:nombre,:apaterno,:amaterno,:cargo,1,1,1,:telefono,:email,'1',:id_empresa)");

$insertar1->execute(array(":nombre" => $nombre,
                                 "apaterno"=>$paterno,
                                 ":materno"=>$materno,
                                 ":cargo"=>$cargo,
                                 ":celular"=>$celular,
                                 ":id_empresa"=>$ultimoid,
                                 ":email"=>$email)); 

To fix just match names of array keys with place holders:

$insertar1->execute(array(":nombre" => $nombre,
                                 "apaterno"=>$paterno,
                                 ":amaterno"=>$materno,
                                 ":cargo"=>$cargo,
                                 ":telefono"=>$celular,
                                 ":id_empresa"=>$ultimoid,
                                 ":email"=>$email));

---

Related Topics