Is the leading colon for parameter names passed to PDOStatement::bindParam() optional?
No, since the documentation doesn't mention this I think it's safe to assume that this behaviour isn't officially supported and shouldn't be relied upon.
However, it does actually happen to work (in PHP 5.3.24 at least) - internally a colon will be added to the parameter if it's missing (see ext/pdo/pdo_stmt.c:363
in the PHP 5.3.24 source code).
PDO prepared statement - what are colons in parameter names used for?
Colons are required in the SQL statement, to indicate which identifiers are placeholders.
Colons in the execute()
or bindParam()
calls are optional. The documentation specifies them, but the implementation is clever enough to figure out what you mean if you leave them out (what else could you mean?).
PHP PDO using bindParam first argument without colon
This post explains why the use of the colon is needed.
Is the leading colon for parameter names passed to PDOStatement::bindParam() optional?
From the post:
No, since the documentation doesn't mention this I think it's safe to
assume that this behaviour isn't officially supported and shouldn't be
relied upon.However, it does actually happen to work (in PHP 5.3.24 at least) -
internally a colon will be added to the parameter if it's missing (see
ext/pdo/pdo_stmt.c:363 in the PHP 5.3.24 source code).
What does the colon mean in :name when using php bindParam
That maps to the named placeholder in the query. It is not required for the binding, the driver will auto-added it if not present.
In your code you have
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < :calories AND colour = :colour');
^^^^^^^^^ ^^^^^^^
The driver reads anything with the :
and trailing text as a placeholder. It then swaps that content with the value being bound, escapes all special characters, and quotes the string.
So then your bindparam
has
:calories
and :colour
which match up to each of those. Let's say $calories
had o'brien
. When the query went to the DB it would be:
SELECT name, colour, calories
FROM fruit
WHERE calories < 'o\'brien'
PDO also supports unnamed placeholders which are just question marks ?
. You bind these by position.
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < ? AND colour = ?');
and then use a 1
because it is the first placeholder.
$sth->bindParam(1, $calories, PDO::PARAM_INT);
Additionally you can just pass all values to the execute
function as an array and it will do the binding as well.
Regardless of bindparam
or execute
binding you have to address the binding by how you use it in the query. Unnamed is positional, named is by name.
PHP - PDO Prepared statment, Warning: PDOStatement::bindParam() expects at least 2 parameters
PDOStatement::bindParam ( mixed $parameter , mixed &$variable )
$parameter
: Parameter identifier. For a prepared statement using named placeholders, this will be a parameter name of the form :name. For a prepared statement using question mark placeholders, this will be the 1-indexed position of the parameter.
$variable
: Name of the PHP variable to bind to the SQL statement parameter.
You'll want to use:
$this->query->bindParam(':full_name', $this->order);
For more information read PDOStatement::bindParam.
ERRROR PDOStatement::bindParam() expects parameter 3 to be long, string given
Replace
$statement = $db->prepare($sql);
$statement->bindParam("ss", $type, $name);
with
$statement = $db->prepare($sql);
$statement->bindParam(1, $type, PDO::PARAM_STR);
$statement->bindParam(2, $name, PDO::PARAM_STR);
For more information, refer to the manual PDO Bind Param
SQLSTATE[HY093]: Invalid parameter number PHP PDO + MYSQL - form
The last insert are wrong, are missing two named placedholeders, :celular
( maybe could be :telefono
), :materno
(:amaterno
) does not exists
$insertar1 = $this->bd->prepare("INSERT INTO socios(nombre,apaterno,amaterno,cargo,grado,tipodocumento,genero,celular,correooficina,estado,id_empresa)
values(:nombre,:apaterno,:amaterno,:cargo,1,1,1,:telefono,:email,'1',:id_empresa)");
$insertar1->execute(array(":nombre" => $nombre,
"apaterno"=>$paterno,
":materno"=>$materno,
":cargo"=>$cargo,
":celular"=>$celular,
":id_empresa"=>$ultimoid,
":email"=>$email));
To fix just match names of array keys with place holders:
$insertar1->execute(array(":nombre" => $nombre,
"apaterno"=>$paterno,
":amaterno"=>$materno,
":cargo"=>$cargo,
":telefono"=>$celular,
":id_empresa"=>$ultimoid,
":email"=>$email));
Related Topics
What Is Autoloading; How to Use Spl_Autoload, _Autoload and Spl_Autoload_Register
Format Bytes to Kilobytes, Megabytes, Gigabytes
Which $_Server Variables Are Safe
How to Insert Element into Arrays At Specific Position
How to Check If an Email Address Is Real or Valid Using PHP
What's the Deal With a Leading Underscore in PHP Class Methods
How to Check If an Array Contains a Specific Value in PHP
Checking If Customer Has Already Bought Something in Woocommerce
PHP Fatal Error: Call to Undefined Function Mssql_Connect()
Is MySQL_Real_Escape_String() Broken
Creating Jquery Ajax Requests to a PHP Function
How to Replace MySQL Functions With Pdo
The Holy Grail of Cleaning Input and Output in PHP
Difference in Accessing Arrays in PHP 5.3 and 5.4 or Some Configuration Mismatch
When Should I Use Memcache Instead of Memcached
Remove the Last Character from a String
Best Way to Test For a Variable'S Existence in PHP; Isset() Is Clearly Broken