Why doesn't pdo::execute() replace pseudo variables?

A

alestro2015-12-13 21:07:05

PHP

alestro, 2015-12-13 21:07:05

private function attributes($atributes, $isObject=false){
    if($isObject){$attributes=get_object_vars($atributes);}
    	foreach($atributes as $key=>$value) {
      	if(!empty($value)){
        	$keys[]=$key;
      $values[]=$value;
      $props[':'.$key]=$value;
      	}
    	}
    	return [$keys,$values,$props];
  }
  
  public function create($arrayOrObject,$tableName,$isObject=false){
    $attributes = self::attributes($arrayOrObject,$isObject);
    if(empty($attributes)){return false;}
       list($keys,$values,$props)=$attributes;
    	$sql = "INSERT INTO ".$tableName." ( ";
    $sql .= implode(", ", $keys);
    	$sql .= " ) VALUES (' ";
    $sql .= implode("','", array_keys($props));
    $sql .= " ')";
    $sth=$this->prepare($sql);
    $sth->execute( $props);
  }

When executing a query, records are added to the table, but pseudo-variables are inserted instead of values, as shown in the screenshot below, what is the problem?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Aleksey Ratnikov, 2015-12-13
@alestro

If you are passing parameters as an argument to execute() instead of binding them one at a time, then the placeholder names do not need a colon. That is, here you need to remove the colons:
and here no quotes are needed, execute() will lead to strings by itself, and colons must be added:

$sql .= implode("','", array_keys($props)); ->  $sql .= ":" .  implode(", :", array_keys($props));