Is there a way you can set field names in PHP prepared statements, instead of just setting their values? For example:

    $stmt = $mysqli->prepare("UPDATE movies SET filmName = ?,
                                  filmDescription = ?,
                                  filmImage = ?,
                                  filmPrice = ?,
                                  filmReview = ?
                              WHERE filmID = ?");
    $stmt->bind_param('sssdii',
        $_POST['filmName'],
        $_POST['filmDescription'],
        $_POST['filmImage'],
        $_POST['filmPrice'],
        $_POST['filmReview'],
        $_POST['filmID']);
    $stmt->execute();
    $stmt->close();

Is there a simpler way to do that? For example, is there a way I can do something like

    $stmt->bind_param($_POST);

so it binds everything in with the correct names?

I hope this helps. I did not test, but if I missed something, please comment and I will edit.
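
    $sql = "UPDATE
                movies
            SET
                filmName = ?,
                filmDescription = ?,
                filmImage = ?,
                filmPrice = ?,
                filmReview = ?
            WHERE
                filmID = ?";

    // Allowed fields, in placeholder order, mapped to their mysqli type codes
    $arrayFields = array("filmName" => "s"
        , "filmDescription" => "s"
        , "filmImage" => "s"
        , "filmPrice" => "d"
        , "filmReview" => "i"
        , "filmID" => "i");

    $stmt = $mysqli->prepare($sql);

    // bind_param() has to be called once with every parameter, so walk the
    // field list (not $_POST) to keep the values in placeholder order
    $types = "";
    $values = array();
    foreach ($arrayFields as $key => $type) {
        if (!array_key_exists($key, $_POST)) {
            throw new InvalidArgumentException("Missing field: " . $key);
        }
        $types .= $type;
        $values[] = $_POST[$key];
    }
    $stmt->bind_param($types, ...$values);
    $stmt->execute();
    $stmt->close();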
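
The allowlist idea from the answer, taken one step further so that the column list itself is built from the fields actually submitted. This is an added example, not code from the original question or answer; `buildMovieUpdate` and `MOVIE_FIELDS` are hypothetical names, `$mysqli` is assumed to be an open connection, and PHP 7.1 or later is assumed.

```php
<?php
// Column names cannot be bound as parameters, so they come only from this
// fixed allowlist; request data supplies values, never identifiers.
const MOVIE_FIELDS = [
    'filmName'        => 's',
    'filmDescription' => 's',
    'filmImage'       => 's',
    'filmPrice'       => 'd',
    'filmReview'      => 'i',
];

// Hypothetical helper: returns [sql, type string, values] for a partial update.
function buildMovieUpdate(array $input): array
{
    if (!isset($input['filmID']) || !ctype_digit((string) $input['filmID'])) {
        throw new InvalidArgumentException('filmID must be a whole number');
    }
    $set    = [];
    $types  = '';
    $values = [];
    // Iterate the allowlist, not the input, so unknown keys are ignored
    foreach (MOVIE_FIELDS as $column => $type) {
        if (array_key_exists($column, $input) && is_scalar($input[$column])) {
            $set[]    = "`$column` = ?";
            $types   .= $type;
            $values[] = $input[$column];
        }
    }
    if ($set === []) {
        throw new InvalidArgumentException('No updatable fields supplied');
    }
    $types   .= 'i';
    $values[] = (int) $input['filmID'];
    $sql = 'UPDATE movies SET ' . implode(', ', $set) . ' WHERE filmID = ?';
    return [$sql, $types, $values];
}

// Constructed sample input: "isAdmin" is not in the allowlist and is dropped
[$sql, $types, $values] = buildMovieUpdate([
    'filmName' => 'Alien', 'filmPrice' => '9.99',
    'isAdmin'  => '1',     'filmID'    => '7',
]);
echo $sql, "\n", $types, "\n";

// With a live connection (assumed $mysqli):
// $stmt = $mysqli->prepare($sql);
// $stmt->bind_param($types, ...$values);
// $stmt->execute();
```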