Search code examples

Why bindValue or BindParam doesn't modify the prepared statement?

Using latest php in order to create a function that adds a row to table user.

class targil_db {

    private $_pdo;

    public function __construct() {
        // username: root password: <blank> database: targil
        $this->_pdo = new PDO(

function addUser($username, $password) {

    $md5password = md5($password);
    $sql = <<<SQL
        "INSERT INTO user (username,password) VALUES (:username,:password)"

    $stmt = $this->_pdo->prepare($sql);
    $stmt->bindValue(':username', $username,PDO::PARAM_STR);
    $stmt->bindValue(':password', $password,PDO::PARAM_STR);


when I execute the addUser function, this is the query that i see executed on the mysql log file:

INSERT INTO user (username,password) VALUES (:username,:password)

as you can see it did not replace the :varname into the proper value. what am i missing ?

I tried both bindValue and bindParam but I got the same results.


even when i change :username and :password to ?,? and i use bindValue(1,$username) and bindValue(2,$password) i get the same results. the query that get executed actually still has ?,? in it instead of the actual variables.


  • This:

     $sql = <<<SQL
        "INSERT INTO user (username,password) VALUES (:username,:password)"

    should be:

    $sql = <<<SQL
        INSERT INTO user (username,password) VALUES (:username,:password)

    I needed to remove the double quotes, i already used <<<SQL to start the string and SQL; to stop it.