Can't bind string containing @ char with mysqli_stmt_bind_param

Posted by Tirithen on Stack Overflow See other posts from Stack Overflow or by Tirithen
Published on 2010-05-29T16:49:40Z Indexed on 2010/05/29 16:52 UTC
Read the original article Hit count: 380

I have a problem with my database class. I have a method that takes one prepared statement and any number of parameters, binds them to the statement, executes the statement and formats the result into a multidimentional array. Everthing works fine until I try to include an email adress in one of the parameters. The email contains an @ character and that one seems to break everything. When I supply with parameters:

$types = "ss" and $parameters = array("[email protected]", "testtest")

I get the error:

Warning: Parameter 3 to mysqli_stmt_bind_param() expected to be a reference, value given in ...db/Database.class.php on line 63

Here is the method:

private function bindAndExecutePreparedStatement(&$statement, $parameters, $types) {
    if(!empty($parameters)) {
        call_user_func_array('mysqli_stmt_bind_param', array_merge(array($statement, $types), &$parameters));
        /*foreach($parameters as $key => $value) {
            mysqli_stmt_bind_param($statement, 's', $value);
        }*/
    }

    $result = array();

    $statement->execute() or debugLog("Database error: ".$statement->error);

    $rows = array();

    if($this->stmt_bind_assoc($statement, $row)) {
        while($statement->fetch()) {
            $copied_row = array();
            foreach($row as $key => $value) {
                if($value !== null && mb_substr($value, 0, 1, "UTF-8") == NESTED) { // If value has a nested result inside
                    $value = mb_substr($value, 1, mb_strlen($value, "UTF-8") - 1, "UTF-8");
                    $value = $this->parse_nested_result_value($value);
                }
                $copied_row[$ke<y] = $value;
            }
            $rows[] = $copied_row;
        }
    }

    // Generate result
    $result['rows'] = $rows;
    $result['insert_id'] = $statement->insert_id;
    $result['affected_rows'] = $statement->affected_rows;
    $result['error'] = $statement->error;

    return $result;
}

I have gotten one suggestion that:

the array_merge is casting parameter to string in the merge change it to &$parameters so it remains a reference

So I tried that (3rd line of the method), but it did not do any difference.

How should I do? Is there a better way to do this without call_user_func_array?

© Stack Overflow or respective owner

Related posts about php

Related posts about mysqli