class - Custom mysqli prepare function -

class - Custom mysqli prepare function -

i'm doing first own database class @ moment , i'm doing prepare function.

what function take in sql-query , array containing variables statement. i'm having problems binding parameters statement.

this how function looks now

public function prepare($query, $var) { $types = ''; foreach($var $a) { $type = gettype($a); switch($type) { case 'integer': $types .= 'i'; break; case 'string': $types .= 's'; break; default: exit('invalid type: ' . $a .' ' . $type . '(' . count($a) . ')'); break; } } $stmt = self::$connection->prepare($query); $stmt->bind_param($types, $var); // how do here?? $stmt->execute(); $result = $stmt->get_result(); while($row = $result->fetch_assoc()) { print_r($row); } }

everything works want (i know function polishing needs do). have commented line i'm having problem figuring out do. $var array , if recall things correctly variables needs passed seperately seperated comma. i'm clueless.

the thought of own database class great. few people here share it, reason prefers raw api calls on code. so, you're taking great step further. however, here objections:

don't utilize mysqli first own database class if you're going utilize native prepared statements. utilize pdo instead. save ton of headaches. despite of fact function works right you, makes not much sense: switch($type) code block useless. mysql can understand every scalar value string - can bind every value s no problem. most integers coming client side have string type anyway. there legitimate types float or null or object can homecoming string. so, automation won't work here. if want distinguish different types, have implement type hinted placeholders instead. never utilize exit in scripts. throw new exception('put here error message') instead. this not prepare function execute well. so, give more generic name

but problem direct consequence of using mysqli. nightmare when dealing prepared statements. not binding retrieving info (because get_result() works not everywhere, , after creating application locally find doesn't work on shared hosting). can create thought looking @ this bunch of code served purpose - bind dynamical number of variables.

so, maintain away mysqli far as could. pdo function simple this

public function query($query, $var=array()) { $stmt = self::$connection->prepare($query); $stmt->execute($var); homecoming $stmt->fetchall(pdo::fetch_assoc); } // , used $data = $db->("select 1"); print_r($data);

you can take @ class ideas. sense free inquire questions regarding database classes - it's great thing, , glad you're going way.

to reply questions comments.

to allow know, you're not user of site. there innocent visitors. unlike you, don't need no error messages, , scared unusual behavior , lack of familiar controls.

exit() error message many evil things

throws error message out, revealing scheme internals potential attacker scaring innocent user unusual message. "what's that? invalid? mine fault or what? or may it's virus? improve leave site @ all" - thinks them. killing script in middle, may cause torn design (or no design @ all) shown killing script irrecoverably. while thrown exception can caught , gracefully handled

when connecting pdo, no need throw here exception already thrown pdo. so, rid of try ... catch , leave 1 line:

self::$connection = new pdo($dsn, $user, $pass);

then create custom exception handler work in 2 modes:

on development server allow throw message on screen. on live server allow log error while showing generic error page user

use seek ... grab if don't want whole script die - i.e. handle recoverable issue only.

by way, pdo don't throw exception on connect default. have set manually:

$opt = array( pdo::attr_errmode => pdo::errmode_exception ); self::$connection = new pdo($dsn, $user, $pass, $opt);

class mysqli prepared-statement sqlbindparameter