PHP 8.1: MySQLi: Bind in Execute

TypeNew Feature

Since PHP 8.1, the MySQLi extension's mysqli_stmt_execute function and mysqli_stmt::execute method (which are aliases) accept a $params parameter. If passed, the passed values will be bound to the statement as strings.

Prior to this change, parameterized SQL queries had to be bound with variables explicitly with a bind_param call:

$statement = $db->prepare('SELECT * FROM posts WHERE pid = ?');
$statement->bind_param('s', $postId);

Since PHP 8.1, it is possible to directly pass the parameters to the execute method. This simplifies the parameter binding calls which were otherwise had to be done with a bind_param call. This change brings feature parity with PDOStatement::execute method, which already accepts parameters.

The snippet above can be simplified in PHP 8.1 as following:

$statement = $db->prepare('SELECT * FROM posts WHERE pid = ?');

Similar to the object-oriented example above, procedural MySQLi API also accepts the parameters in mysqli_stmt_execute() function:

  $statement = mysqli_prepare($connection, 'SELECT * FROM posts WHERE pid = ?');
- mysqli_stmt_bind_param($statement, 's', $postId);
- mysqli_stmt_execute();
+ mysqli_stmt_execute($statement, $postId);

Updated mysqli_stmt_execute synopsis

- function mysqli_stmt_execute(mysqli_stmt $statement): bool {
+ function mysqli_stmt_execute(mysqli_stmt $statement, ?array $params = null): bool  {

Updated mysqli_stmt::execute synopsis

class mysqli_stmt {
  // ...
-   public function mysqli_stmt_execute(): bool {
+   public function mysqli_stmt_execute(?array $params = null): bool  {

Backwards Compatibility Impact

Classes that extend the mysqli_stmt class now must also support the $params parameter.

Passing the parameters to the mysqli_stmt_execute() function / mysqli_stmt::execute() methods does not cause any warnings, but note that parameter will not be bound, and may cause errors.