I have the following code...

    $statement = $conn->prepare("insert into logtest (course, date, time, distance,
          actualstarttime, finishtime, fav, favtotalmatched, favwma, 2ndfav,
          2ndfavtotalmatched, 2ndfavwma, 3rdfav, 3rdfavtotalmatched, 3rdfavwma,
          orangeflag, greenflag, betplaced, totalracetime, numcalculations,
          secswaitedbeforemonitoring, monitorstarttime, totalmonitoringtime)
          values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);");

    for($i = 0; $i < 23; $i++){
        $statement->bindParam($i + 1, $record[$i]);
    }

    $recordsprocessed = 0;

    $line = fgets($file); // Do this once before the loop to go past
                          // the column headers line

    while (!feof($file)){
        $line = fgets($file);
        $record = explode(",", $line);
        print_r($record);
        $statement->execute();
        ++$recordsprocessed;
    }

    echo "<p>Import finished.  $recordsprocessed records imported.</p>";

The code is filling the database with nulls. I can't understand why. I used a print_r to verify that the $record array does contain values.

From page http://php.net/manual/en/pdo.prepared-statements.php there is an implication that the parameters can be bound to variables before those variables contained values, so I assumed I could bind to the items of $record and then fill those values in a loop later on.

What am I doing wrong? Or does bindParam simply not work with arrays?

1 Answer

As an alternative, you could just get those values per line and then add those batches through ->execute():

$query = 'INSERT INTO logtest 
    (course,date,time,distance,actualstarttime,finishtime,fav,favtotalmatched,favwma,2ndfav,2ndfavtotalmatched,2ndfavwma,3rdfav,3rdfavtotalmatched,3rdfavwma,
        orangeflag,greenflag,betplaced,totalracetime,numcalculations,secswaitedbeforemonitoring,monitorstarttime,totalmonitoringtime) 
        values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)
';
$statement = $conn->prepare($query);

$recordsprocessed = 0;
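fgets($file);  // do this once before the loop to go past the column headers line

// Test the result of fgets() itself: with feof() as the loop condition, the
// final read returns false and an empty record would be sent to execute().
while (($line = fgets($file)) !== false) {
    $line = rtrim($line, "\r\n");  // keep the line ending out of the last column
    if ($line === '') {
        continue;  // skip blank lines
    }

    $record = explode(",", $line);

    // Pass the whole row; each element is bound to the matching ? placeholder.
    $statement->execute($record);

    ++$recordsprocessed;
}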

echo "<p>Import finished.  $recordsprocessed records imported.</p>";
2 Comments

That works... But is it sql injection safe? I assume it must be if I'm using PDO and the variables are not directly mentioned in the query string, but I am asking to be sure.
@MrVimes Absolutely. It doesn't bind each value like ->bindParam/bindValue, but this binds values as well. So to answer your question, yes, it's safe.
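
Added example, not part of the original question or answer: it keeps the question's bindParam() approach working by writing into the already-bound array elements instead of reassigning $record, and shows that a hostile CSV field passed as a bound value is stored as plain data. It assumes the pdo_sqlite extension; the in-memory database, the three-column table and the CSV rows are constructed for illustration.

```php
<?php
// Added example, not from the original thread. Assumes the pdo_sqlite extension;
// the three-column table and the CSV rows are constructed for illustration.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE logtest (course TEXT, distance TEXT, fav TEXT)');

$csv = "course,distance,fav\n"
     . "Ascot,1200,Red Rum\n"
     . "Epsom,1600,x'); DROP TABLE logtest; --\n"  // hostile field
     . "Aintree,2400\n"                             // short row: only 2 fields
     . "\n";                                        // trailing blank line
$file = fopen('php://memory', 'w+');
fwrite($file, $csv);
rewind($file);

$insert = $conn->prepare('INSERT INTO logtest (course, distance, fav) VALUES (?, ?, ?)');

// bindParam() binds by reference to the array elements that exist at bind time.
// A later "$record = explode(...)" replaces the whole array, so the statement
// keeps pointing at the old, still-null elements. Writing into the existing
// elements keeps the references alive.
$record = array_fill(0, 3, null);
for ($i = 0; $i < 3; $i++) {
    $insert->bindParam($i + 1, $record[$i]);
}

$imported = 0;
$rejected = 0;
fgets($file);                                  // skip the header line
while (($line = fgets($file)) !== false) {
    $fields = explode(",", rtrim($line, "\r\n"));
    if (count($fields) !== 3) {                // must match the placeholder count
        $rejected++;
        continue;
    }
    foreach ($fields as $i => $value) {
        $record[$i] = $value;                  // update in place, never reassign $record
    }
    $insert->execute();
    $imported++;
}

echo "imported=$imported rejected=$rejected\n";
// The hostile field comes back as an ordinary string and the table still exists.
foreach ($conn->query('SELECT course, fav FROM logtest') as $row) {
    echo $row['course'], ' => ', $row['fav'], "\n";
}
```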
