Insert multiple rows with PDO prepared statements

by

The first important thing to say is that you can insert multiple rows thanks to only one INSERT query

INSERT INTO Table (col1, col2, col3) 
VALUES ('abc', 'def', 'ghi'),
       ('abc', 'def', 'ghi'),
       ('abc', 'def', 'ghi'),
       ('abc', 'def', 'ghi'),
       ('abc', 'def', 'ghi')
       -- and so on...

Once you know that, you’re able to get a good solution with PDO (for instance).
You have to keep in mind that you want a complete prepare and execute process (in term of security, you have to pass each parameter separately).

Let’s say you have rows to insert structured as follow:

$rows = array(
              array('abc', 'def', 'ghi'), // row 1 to insert
              array('abc', 'def', 'ghi'), // row 2 to insert
              array('abc', 'def', 'ghi')  // row 3 to insert
              // and so on ...
);

Your goal is to have this result as a prepared query:

INSERT INTO Table (col1, col2, col3) 
VALUES (?, ?, ?),
       (?, ?, ?),
       (?, ?, ?)

With its corresponding execute:

PDOStatement::execute(array('abc', 'def', 'ghi', 'abc', 'def', 'ghi', 'abc', 'def', 'ghi'));

Well, you only have to do it now:

$rows = array(
              array('abc', 'def', 'ghi'),
              array('abc', 'def', 'ghi'),
              array('abc', 'def', 'ghi')
);

$row_length = count($rows[0]);
$nb_rows = count($rows);
$length = $nb_rows * $row_length;

/* Fill in chunks with '?' and separate them by group of $row_length */
$args = implode(',', array_map(
                                function($el) { return '('.implode(',', $el).')'; },
                                array_chunk(array_fill(0, $length, '?'), $row_length)
                            ));

$params = array();
foreach($rows as $row)
{
   foreach($row as $value)
   {
      $params[] = $value;
   }
}

$query = "INSERT INTO Table (col1, col2, col3) VALUES ".$args;
$stmt = DB::getInstance()->prepare($query);
$stmt->execute($params);

And… That’s it!

This way, each param is treated separately, which is what you want (security, security, security!) and all of it, in a dynamic way, with only one INSERT query

If you have too many rows to insert (see this), you should execute one by one

$rows = array(
              array('abc', 'def', 'ghi'), // row 1 to insert
              array('abc', 'def', 'ghi'), // row 2 to insert
              array('abc', 'def', 'ghi')  // row 3 to insert
              // and so on ...
);

$args = array_fill(0, count($rows[0]), '?');

$query = "INSERT INTO Table (col1, col2, col3) VALUES (".implode(',', $args).")";
$stmt = $pdo->prepare($query);

foreach ($rows as $row) 
{
   $stmt->execute($row);
}

More Related Contents:

  1. PHP – Using PDO with IN clause array
  2. pdo prepared statements with wildcards
  3. Can I use a PDO prepared statement to bind an identifier (a table or field name) or a syntax keyword?
  4. Replacing mysql_* functions with PDO and prepared statements
  5. PDOstatement (MySQL): inserting value 0 into a bit(1) field results in 1 written in table
  6. Calling stored procedure with Out parameter using PDO
  7. When *not* to use prepared statements?
  8. PDO error: SQLSTATE[HY000]: General error: 2031
  9. Use of PDO in classes [duplicate]
  10. Error while using PDO prepared statements and LIMIT in query [duplicate]
  11. Can I mix MySQL APIs in PHP?
  12. Can I bind an array to an IN() condition in a PDO query?
  13. PDOException “could not find driver”
  14. Row count with PDO
  15. PDO get the last ID inserted
  16. How do I use password hashing with PDO to make my code more secure? [closed]
  17. MySQLi prepared statements error reporting [duplicate]
  18. How to view query error in PDO PHP
  19. PDO::__construct(): Server sent charset (255) unknown to the client. Please, report to the developers
  20. Insert/update helper function using PDO
  21. Resetting array pointer in PDO results
  22. PDO multiple queries
  23. How to bind parameters to a raw DB query in Laravel that’s used on a model?
  24. What is the advantage of using try {} catch {} versus if {} else {}
  25. Unknown database error in PHP but it exists in PHPMyAdmin
  26. How do detect that transaction has already been started?
  27. Trying to access array offset on value of type bool
  28. return multiple response data in one response
  29. How to get a query error from prepare() in PDO PHP?
  30. PHP PDO how to run a multiple query request?

Leave a Comment