1

I'm using a global function to handle my MySQL requirements in PHP. Here is the code:

function DB_EXECUTE($query, array $array_par, $haveresult = 1){
global $db;
try {
    $stmt = $db->prepare($query);
    $stmt->execute($array_par);
}catch(PDOException $e)
    {
    echo "ERROR: " . $query . "<br>" . $e->getMessage();
    }
$rowF = null;
if ($haveresult > 0){
$rowF = $stmt->fetchAll();
}  
return $rowF;
}

I call the function like this:

$temp_query = "SELECT * FROM users ORDER BY id DESC LIMIT :one, :two";
$temp_array = array(":one" => intval($limit_from), ":two" => intval($limit_to));
$results =  DB_EXECUTE($temp_query, $temp_array, 1);
//Do something with the $results

But I face a problem:

ERROR: SELECT * FROM users ORDER BY id DESC LIMIT :one, :two
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''0', '5'' at line 1

I handle a lot of queries with this function so I don't want to change the way I call it. Instead I want to change the function itself to support Integer type of data.

Bablod
  • 101
  • 3
  • 12
  • Try to use `bindParam` in your function. – Daan Aug 10 '15 at 06:57
  • @Daan Count of $array_par is unknown! How can I use bindParam with that? – Bablod Aug 10 '15 at 07:13
  • Change your code in DB_EXECUTE() 'try' block as follows. $stmt = $db->prepare($query); $stmt->bindParam(':one', $array_par[":one"], PDO::PARAM_INT); $stmt->bindParam(':two', $array_par[":two"], PDO::PARAM_INT); $stmt->execute(); – Tismon Varghese Aug 10 '15 at 07:16
  • @TismonVarghese The count of parameters are unknown! It could be 1 parameter in a query to 10 parameters or even some queries without any parameter! – Bablod Aug 10 '15 at 08:48

0 Answers0