PDOStatement::bindParam()

(PHP 5 >= 5.1.0, PHP 7, PECL pdo >= 0.1.0)

绑定一个参数到指定的变量名

说明

绑定一个PHP变量到用作预处理的SQL语句中的对应命名占位符或问号占位符。不同于PDOStatement::bindValue()，此变量作为引用被绑定，并只在PDOStatement::execute()被调用的时候才取其值。

大多数参数是输入参数，即，参数以只读的方式用来建立查询。一些驱动支持调用存储过程并作为输出参数返回数据，一些支持作为输入/输出参数，既发送数据又接收更新后的数据。

参数

参数标识符。对于使用命名占位符的预处理语句，应是类似:name形式的参数名。对于使用问号占位符的预处理语句，应是以1开始索引的参数位置。

绑定到 SQL 语句参数的 PHP 变量名。

使用 PDO::PARAM_*常量明确地指定参数的类型。要从一个存储过程中返回一个 INOUT 参数，需要为$data_type参数使用按位或操作符去设置 PDO::PARAM_INPUT_OUTPUT 位。

数据类型的长度。为表明参数是一个存储过程的 OUT 参数，必须明确地设置此长度。

返回值

成功时返回TRUE，或者在失败时返回FALSE。

范例

执行一条使用命名占位符的预处理语句

执行一条使用问号占位符的预处理语句

使用 INOUT 参数调用一个存储过程

参见

• PDO::prepare() 准备要执行的语句，并返回语句对象
• PDOStatement::execute() 执行一条预处理语句
• PDOStatement::bindValue() 把一个值绑定到一个参数

I know this has been said before but I'll write a note on it too because I think it's important to keep in mind:
If you use PDO bindParam to do a search with a LIKE condition you cannot put the percentages and quotes to the param placeholder '%:keyword%'.
This is WRONG:
"SELECT * FROM `users` WHERE `firstname` LIKE '%:keyword%'";
The CORRECT solution is to leave clean the placeholder like this:
"SELECT * FROM `users` WHERE `firstname` LIKE :keyword";
And then add the percentages to the php variable where you store the keyword:
$keyword = "%".$keyword."%";
And finally the quotes will be automatically added by PDO when executing the query so you don't have to worry about them.
So the full example would be: 

This works ($val by reference):

This will fail ($val by value, because bindParam needs &$variable): 

Note that when using PDOStatement::bindParam an integer is changed to a string value upon PDOStatement::execute(). (Tested with MySQL). 
This can cause problems when trying to compare values using the === operator.
Example:

results in:
int(1) 
int(1) 
string(1) "1"

There seems to be some confusion about whether you can bind a single value to multiple identical placeholders. For example:
$sql = "SELECT * FROM user WHERE is_admin = :myValue AND is_deleted = :myValue ";
$params = array("myValue" => "0");
Some users have reported that attempting to bind a single parameter to multiple placeholders yields a parameter mismatch error in PHP version 5.2.0 and earlier. Starting with version 5.2.1, however, this seems to work just fine.
For details, see bug report 40417:
http://bugs.php.net/bug.php?id=40417

SQL Server 2008 R2
If this was in the documentation, I didn't stumble across it. When using bound output parameters with a stored procedure, the output parameters are updated AFTER the LAST rowset has been processed.
If your stored procedure does not return any rowsets (no SELECT statements) then you are set, your output parameters will be ready as soon as the stored procedure is processed.
Otherwise you need to process the rows, and then:

Once that is done for each returning rowset you will have access to the output parameters.

Do not try to use the same named parameter twice in a single SQL statement, for example

...this will return no rows and no error -- you must use each parameter once and only once. Apparently this is expected behavior (according to this bug report: http://bugs.php.net/bug.php?id=33886) because of portability issues.

Please note, that PDO format numbers according to current locale. So if, locale set number format to something else, that standard that query WILL NOT work properly.
For example:
in Polish locale (pl_PL) proper decimal separator is coma (","), so: 123,45, not 123.45. If we try bind 123.45 to the query, we will end up with coma in the query. 

http://technet.microsoft.com/en-us/library/ff628166(v=sql.105).aspx
When binding null data to server columns of type varbinary, binary, or varbinary(max) you should specify binary encoding (PDO::SQLSRV_ENCODING_BINARY) using the $driver_options. See Constants for more information about encoding constants.
Support for PDO was added in version 2.0 of the Microsoft Drivers for PHP for SQL Server. 

if you are storing files (or binary data), using PARAM_LOB (and moreover trying to do this with Oracle), don't miss this page :
http://php.net/manual/en/pdo.lobs.php
You will there notice that PDO-PGSQL and PDO-OCI don't work the same at all : not the same argument nor the same behaviour.

Took me forever to find this elsewhere in the notes in the manual, so I'd thought I'd put this tidbit here to help others in the future.
When using a LIKE search in MySQL along with a prepared statement, the *value* must have the appropriate parentheses attached before the bindParam() statement as such:

Trying to use

will fail.

鹏仔微信 15129739599 鹏仔QQ344225443 鹏仔前端 pjxi.com 共享博客 sharedbk.com