I am using a prepared statement to upload submitted information into a MYSQL database. I would like to know how to pass my prepared statements to a separate variable so I can post a summary of what was uploaded. Here is the following code:
$stmt = $dbh->prepare("INSERT INTO photos (Name, Type, Price, Description, Location, status, id) VALUES (:item_name, :item_type, :item_price, :item_description, :image_location, :status, :id)"); $stmt->bindValue(':item_name', $_POST['item_name']); $stmt->bindValue(':item_type', $_POST['item_type']); $stmt->bindValue(':item_price', $_POST['item_price']); $stmt->bindValue(':item_description', $_POST['item_description']); $stmt->bindValue(':image_location', 'images/'.$_FILES['file']['name']); $stmt->bindValue(':status', 0); $stmt->bindValue(':id', 0); try{ $stmt->execute(); }catch(PDOException $e){ $errors[] = $item_name . "not saved in database."; echo $e->getMessage();
I suppose my question is: How does PHP store the $stmt variable and then execute it? Is
$stmt->execute()
being treated as an array? If so how can I access each prepared value so I can post a summary of each value?
Thank you!
Instead of using ->bindParam()
you can pass the data only at the time of ->execute()
:
$data = [ ':item_name' => $_POST['item_name'], ':item_type' => $_POST['item_type'], ':item_price' => $_POST['item_price'], ':item_description' => $_POST['item_description'], ':image_location' => 'images/'.$_FILES['file']['name'], ':status' => 0, ':id' => 0, ]; $stmt->execute($data);
In this way you would know exactly what values are going to be sent.
You could do $stmt->queryString
to obtain the SQL query used in the statement. If you want to save the entire $stmt variable (I can't see why), you could just copy it. It is an instance of PDOStatement so there is apparently no advantage in storing it.
Source: Stackoverflow.com