Like others I've extended the standard PDO class to suit my needs. Something along the lines of this may suit you:

Class ExtendedPDO extends PDO
{

    public function prepareArray($sql, array $data)
    {
        // Call the standard prepare method
        $statement = parent::prepare($sql);

        foreach ($data as $field=>$value) {
            $statement->bindValue(':' . $field, $value);
        }

        return $statement;
    }

}

Then you can use it quite simply:

// Include connection variables
include '../includes/config/database.php';

// The data to use in the query
$data = array(
    'title' => 'New value',
    'id'    => 1,
);

// The query you want to run
$sql = '
    UPDATE
        test
    SET
        title = :title
    WHERE
        id = :id
';

try {
    // Connect to the database
    $dbh = new ExtendedPDO(PDO_DSN, PDO_USERNAME, PDO_PASSWORD);

    // Attach the data to your query
    $stmt = $dbh->prepareArray($sql, $data);

    // Run it
    $stmt->execute();
} catch (PDO Exception $e) {
    echo $e->getMessage();
}

Thanks to everyone.
Every answer was helpful and I wish I could split the bounty.

At the end, to my surprise, I was able to make it the same way as before, based on on accepted answer

$fields = array("login","password");
$_POST['password'] = MD5($_POST['login'].$_POST['password']);
$stmt = $dbh->prepare("UPDATE users SET ".pdoSet($fields,$values)." WHERE id = :id");
$values["id"] = $_POST['id'];
$stmt->execute($values);

It can be wrapped into a helper function, but I doubt there is necessity. It will shorten the code by just one line.

pdoSet code:

function pdoSet($fields, &$values, $source = array()) {
  $set = '';
  $values = array();
  if (!$source) $source = &$_POST;
  foreach ($fields as $field) {
    if (isset($source[$field])) {
      $set.="`$field`=:$field, ";
      $values[$field] = $source[$field];
    }
  }
  return substr($set, 0, -2); 
}

I usually have a class extending PDO, but my class is pretty custom. If I get it cleaned up and tested I will post it at a later time. Here is a solution to your system, however.

function dbSet($fields, &$values) {
    $set = '';
    $values = array();

    foreach ($fields as $field) {
        if (isset($_POST[$field])) {
            $set .= "`$field` = ?,";
            $values[] = $_POST[$field];
        }
    }

    return rtrim($set, ',');
}

$fields = explode(" ","name surname lastname address zip fax phone date");
$_POST['date'] = $_POST['y']."-".$_POST['m']."-"$_POST['d'];

$query  = "UPDATE $table SET ".dbSet($fields, $values).", stamp=NOW() WHERE id=?";
$values[] = $id;

$dbh->prepare($query);
$dbh->execute($values);  

This may not be perfect and could use tweaking. It takes into account that $dbh is setup with a PDO Connection. Pending any minor syntax issues I made, that should work.

EDIT

Really though, I think I would go for Doctrine ORM (or another ORM). As you setup the model and add all the validation there, then it is as simple as:

$table = new Table();
$table->fromArray($_POST);
$table->save();

That should populate the contents easily. This is of course with an ORM, like Doctrine.

UPDATED

Did some minor tweaks to the first code, such as putting isset back and using rtrim over substr. Going to work on providing a mock up of a PDO Extension class just gotta layout the way to do it and do some unit tests to make sure it works.

i would extend the Core PDO Class andd a method like so:

class Database extends PDO
{
    public function QueryFromPost($Query,$items)
    {
        $params = array();
        $Query .= ' WHERE ';

        foreach($items as $key => $default)
        {
             $Query .= ' :' . $key. ' = ' . $key;
             if(isset($_POST[$key]))
             {
                  $params[':' . $key] = $_POST[$key];
             }else
             {
                 $params[':' . $key] = $default;
             }
        }
        $s = $this->prepare($Query);
        return $s->execute($params);
    }
}

Then use like so

$db = new Database(/*..Default PDO Params*/);
$statement = $db->QueryFromPost('SELECT * FROM employees',array('type' => 'plc'));
foreach($preparedStatement->fetchAll() as $row)
{
    //...
}

But as its already been said that you should be VERY weary of what your trying to do, you need to validate your data, its been sanitized but you not validated.

Even though my DB class does not use prepared statements I still want to mention it here. I see no reason at all to implement everything with prepared statements. I do know that prepared statements are faster, but only when used multiple times. If you execute the query only once (and this is the only type of query I normally need to use), it is slower. Thus it is counterproductive to use prepared statements everywhere.

Proper description of the class may be found some place else at stackoverflow. But here some of the good stuff:

• Less then 100 lines database layer
• DB::x for DB::instance()->execute and DB::q for DB::instance()->query
• autoQuoting with two types of placeholders ? and ?x (where x may be ,, & and |). The ?, placeholder may be used as an UPDATE helper here.

But for full information see the stackoverflow post linked above ;)

PS: The README in the repo does not apply to this class. It is for the normal DB.php, not for DB_intelligent.php. PPS: The class is written for PHP 5.3. If you want to use it on PHP 5.2 simply copy all those PDO methods from DB_forPHP52.php to DB_intelligent.php and remove the __callStatic method.

Insert queries often require many placeholders. The question mark style is then hard to read, and named parameters are repetitive and prone to typing errors. So, I created a function for the whole insert query:

function insert($table, $col_val){
    global $db;
    $table = preg_replace('/[^\da-z_]/i', '', $table);
    $smt = $db->prepare("DESCRIBE `$table`");
    $smt->execute();
    $columns = $smt->fetchAll(PDO::FETCH_COLUMN);
    $sets = array();
    $exec = array();
    foreach($col_val as $col => $val){
        if(!in_array($col, $columns))
            return false;
        $sets[] .= "`$col`=?";
        $exec[] = $val;
    }
    $set = implode(',', $sets);
    $smt = $db->prepare("INSERT INTO `$table` SET $set");
    $smt->execute($exec);
    return $db->lastInsertId();
}

Usage is simple:

insert('table_name', array(
    'msg'   =>  'New message',
    'added' =>  date('Y-m-d H:i:s'),
));

And if you need lastInsertId():

$new_id = insert(...