PHP 手册
后退		前进

PDOStatement::bindParam

(no version information, might be only in CVS)

PDOStatement::bindParam -- Binds a parameter to the specified variable name

说明

bool PDOStatement::bindParam ( mixed parameter, mixed &variable [, int data_type [, int length [, mixed driver_options]]] )

Binds a PHP variable to a corresponding named or question mark placeholder in the SQL statement that was use to prepare the statement. Unlike PDOStatement::bindValue(), the variable is bound as a reference and will only be evaluated at the time that PDOStatement::execute() is called.

Most parameters are input parameters, that is, parameters that are used in a read-only fashion to build up the query. Some drivers support the invocation of stored procedures that return data as output parameters, and some also as input/output parameters that both send in data and are updated to receive it.

参数

parameter: Parameter identifier. For a prepared statement using named placeholders, this will be a parameter name of the form :name. For a prepared statement using question mark placeholders, this will be the 1-indexed position of the parameter.
variable: Name of the PHP variable to bind to the SQL statement parameter.
data_type: Explicit data type for the parameter using the PDO_PARAM_* constants. To return an INOUT parameter from a stored procedure, use the bitwise OR operator to set the PDO_PARAM_INPUT_OUTPUT bits for the data_type parameter.
length: Length of the data type. To indicate that a parameter is an OUT parameter from a stored procedure, you must explicitly set the length.
driver_options

范例

例子 1. Execute a prepared statement with named placeholders


<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
    FROM fruit
    WHERE calories < :calories AND colour = :colour');
$sth->bindParam(':calories', $calories, PDO_PARAM_INT);
$sth->bindParam(':colour', $colour, PDO_PARAM_STR, 12);
$sth->execute();
?>

例子 2. Execute a prepared statement with question mark placeholders


<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
    FROM fruit
    WHERE calories < ? AND colour = ?');
$sth->bindParam(1, $calories, PDO_PARAM_INT);
$sth->bindParam(2, $colour, PDO_PARAM_STR, 12);
$sth->execute();
?>

例子 3. Call a stored procedure with an INOUT parameter


<?php
/* Call a stored procedure with an INOUT parameter */
$colour = 'red';
$sth = $dbh->prepare('CALL puree_fruit(?)');
$sth->bindParam(1, $colour, PDO_PARAM_STR|PDO_PARAM_INPUT_OUTPUT, 12);
$sth->execute();
print("After pureeing fruit, the colour is: $colour");
?>

参见

PDO::prepare()

PDOStatement::execute()

PDOStatement::bindValue()

add a note User Contributed Notes

Filofox
10-Apr-2006 06:09


Do not try to use the same named parameter twice in a single SQL statement, for example



$sql = 'SELECT * FROM some_table WHERE  some_value > :value OR some_value < :value';

$stmt = $dbh->prepare($sql);

$stmt->execute( array( ':value' => 3 ) );



...this will return no rows and no error -- you must use each parameter once and only once. Apparently this is expected behavior (according to this bug report: http://bugs.php.net/bug.php?id=33886)  because of portability issues.

06-Feb-2006 06:25


A caution for those using bindParam() on a placeholder in a 

LIKE '%...%' clause, the following code will likely not work:



$q = "SELECT id, name FROM test WHERE name like '%:foo%'";

$s = "carrot";

$sth = $dbh->prepare($q);

$sth->bindParam(':foo', $s);

$sth->execute();



What is needed is something like the following:



$s = "%$s%";

$sth->bindParam(':foo', $s);



This should work. Tested against mysql 4.1, PHP 5.1.3.

add a note

后退	起点	前进
PDOStatement::bindColumn	上一级	PDOStatement::bindValue