Pass PDO prepared statement to variables

Question

I am using a prepared statement to upload submitted information into a MYSQL database. I would like to know how to pass my prepared statements to a separate variable so I can post a summary of what was uploaded. Here is the following code:

$stmt = $dbh->prepare("INSERT INTO photos (Name, Type, Price, Description, Location,    status, id) 
VALUES (:item_name, :item_type, :item_price, :item_description, :image_location, :status, :id)");
$stmt->bindValue(':item_name', $_POST['item_name']);
$stmt->bindValue(':item_type', $_POST['item_type']);
$stmt->bindValue(':item_price', $_POST['item_price']);
$stmt->bindValue(':item_description', $_POST['item_description']);
$stmt->bindValue(':image_location', 'images/'.$_FILES['file']['name']);
$stmt->bindValue(':status', 0);
$stmt->bindValue(':id', 0);

try{
    $stmt->execute();
}catch(PDOException $e){
    $errors[] = $item_name . "not saved in database.";
    echo $e->getMessage();

I suppose my question is: How does PHP store the $stmt variable and then execute it? Is

$stmt->execute()

being treated as an array? If so how can I access each prepared value so I can post a summary of each value?

Thank you!

Answer 1

Instead of using ->bindParam() you can pass the data only at the time of ->execute():

$data = [
  ':item_name' => $_POST['item_name'],
  ':item_type' => $_POST['item_type'],
  ':item_price' => $_POST['item_price'],
  ':item_description' => $_POST['item_description'],
  ':image_location' => 'images/'.$_FILES['file']['name'],
  ':status' => 0,
  ':id' => 0,
];

$stmt->execute($data);

In this way you would know exactly what values are going to be sent.

Answer 2

You could do $stmt->queryString to obtain the SQL query used in the statement. If you want to save the entire $stmt variable (I can't see why), you could just copy it. It is an instance of PDOStatement so there is apparently no advantage in storing it.