It can be simply done with a foreach
loop over the $_POST
array, using the key as the parameter name:
// Bind all in a loop:
foreach ($_POST as $key => $value) {
oci_bind_by_name($stid, ":$key", $value);
}
However, you cannot guarantee that the client has sent you the keys in POST that you actually want. It is important then to check them against an array of keys that are actually valid for use in the prepared statement:
$valid_keys = array(
'post1',
'post2',
...
...
'post99'
);
Then loop over those instead, checking that they were actually sent in the POST before attempting to use them.
foreach ($valid_keys as $key) {
if (!isset($_POST[$key])) {
// ERROR! Needed key was not present in $_POST!
// Break the loop if you can't execute the statement...
}
else {
oci_bind_by_name($stid, ":$key", $_POST[$key]);
}
}
If you are intending to build the prepared statement's SQL string dynamically, it is especially important to maintain a list of safe parameter names.