I use this function to bind parameters into prepared statement ,
the parameters are a string inside $_POST["params"] and it looks like that:
{type1:value1}{type2:value2}....
This function is supposed to bind each param with the statement but i get errors :
function executeQuery($q)
{
global $server,$user,$pwd,$db,$output;
$cn = mysqli_connect($server,$user,$pwd);
mysqli_set_charset($cn,"utf8");
mysqli_select_db($cn,$db);
if(isset($_POST["params"]))
{
$ps = mysqli_prepare($cn,base64_decode($q));
$params = $_POST["params"];
$params_array = array();
while(strlen($params)>0)
{
$n1 = strpos($params,"{");
$n2 = strpos($params,"}'");
$param = substr($params,$n1+1,$n2-($n1+1));
$param_exploded = explode(":",$param);
$type = $param_exploded[0];
$params_array[$param_exploded [1]] = $param_exploded[1];
mysqli_stmt_bind_param($ps,$type,$params_array[$param_exploded[1]]);
if($n2+1>=strlen($params))
break;
$params = substr($params,$n2+1);
}
$ps->execute();
$result = mysqli_stmt_result_metadata($ps);
$count = mysqli_num_fields($result);
$output.="<table><tr>";
for($i =0;$i<$count;$i++)
{
$output.="<th>".mysqli_fetch_field_direct($result, $i)->name."</th>";
}
$output.="</tr>";
while($row = mysqli_fetch_assoc($result))
{
$output.="<tr>";
for($i =0;$i<$count;$i++)
{
$output.="<td>".$row[mysqli_fetch_field_direct($result,$i)->name].</td>";
}
$output.="</tr>";
}
$output.="</table>";
}
The output will be an html table. P.S :
query
select * from t1 where c1 = ? and c2 = ?
value of $_POST["params"]:
"{s:A}{s:N}"
