I'm new to PHP and MySQL (and programming in general) and I'm trying to create a generic database handler class called Database_Handler that will help me manage basic things like insert, delete, select, update, etc.
I'm working on a member function to handle insert, currently. In my insert function, I would like to build a prepared PDO insert statement and execute it.
Assume that somewhere in my application, I have called the insert function as follows:
$table = "books";
$cols = array('author', 'title', 'pubdate');
$values = array('Bob Smith', 'Surviving the Zombie Apocalypse', '2010');
$db_handler->insert($table, $cols, $values);
How can I use the data from $table, $cols and $values to build a prepared PDO insert statement? Here's my first effort, based on an answer from "How to insert an array into a single MySQL Prepared statement w/ PHP and PDO".
public function insert($table, $cols, $values){
$numvalues = count($values);
$placeholder = array();
for($i=0; $i<$numvalues; $i++)
$placeholder[$i] = '?';
$sql = 'INSERT INTO '. $table . '(' . implode(",", $cols) . ') ';
$sql.= 'VALUES (' . implode("," $placeholder) . ')"';
$stmt = $this->dbh->prepare($sql);
$for($i=0; $i<$numvalues; $i++)
$stmt->bindParam($i+1, $values[$i])
$stmt->execute();
}
I don't think this will work, but maybe it will give you an idea of what I want to do. I'm a little confused because the example given on the php.net manual is:
$stmt = $dbh->prepare("INSERT INTO REGISTRY (name, value) VALUES (?, ?)");
$stmt->bindParam(1, $name);
$stmt->bindParam(2, $value);
// insert one row
$name = 'one';
$value = 1;
$stmt->execute();
It seems like they are sending $name as a parameter to the bindParam() funciton, then assigning a value to $name afterwards? What is the value of $name when it's sent to bindParam()? Or does bindParam() just associate a parameter with a variable, without taking that variable's data - allowing execute() to handle that part?
