That is the php array element syntax for an associative-key/value pair. The associative key name must match the name of the prepared query place holder.
You were given the following straight-forward instructions for converting an existing old query to a prepared query -
- remove the variables that are inside the sql query statement (keep these variables for use later).
- remove any single-quotes that were around the variables and any {} or concatenation dots that were used to get the variables into the sql query statement.
- put a prepared query place-holder ? into the sql query statement where each variable was at.
- call the ->prepare() method for the resulting sql query statement. this returns a PDOstatement object, and should be named $stmt or similar.
- call the ->execute([...]) method with an array containing the variables you removed in step #1.
- for a SELECT query, use either the ->fetch() method (for a single row of data), the ->fetchAll() method (for a set of data), or sometimes the ->fetchColumn() method (when you want a single value from one row of data.)
Had you made use of those instructions, you would have ended up with this -
$sql = "INSERT INTO Bank_Data SET EntryDate=?, Input=?, Output=?, Reason=?, Comment=?, Tag=?, AddDate=?";
$stmt = $pdo->prepare($sql);
$stmt->execute([$EntryDate, $input, $out, $Reason, $Comment, $Tag, $AddDate]);
How is that confusing?
You have stated you are faced with converting a lot of code. This list of conversion instructions, that I gave you on a different help forum, which also included an example for the query you were dealing with at that time, was to allow you to convert existing code with the least amount of work.
As to a neat and easy way of getting the computer to do this work for you, here's an abbreviated data-driven example -
// define expected fields
$fields['EntryDate'] = ['label'=>'Entry Date','validation'=>['required','date'],'processing'=>['insert']];
// add elements for the rest of the fields
$table = 'Bank_Data';
// at the point of building and executing the insert query
$set = []; // array to hold the set terms
$params = []; // array to hold the input parameters
foreach($fields as $field=>$arr)
{
if(in_array('insert',$arr['processing']))
{
$set[] = "`$field`=?";
$params[] = $_POST[$field];
}
}
if(!empty($set))
{
$sql = "INSERT INTO `$table` SET " . implode(',',$set);
// examine the sql query statement and the array of parameters
echo $sql; print_r($params);
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
}