When I try to send the data I want to put in a query from a form, it gives me this message:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ':Citta'
Here is the portion of the code from where it gives me the error:
$location = $_POST['Citta'];
$sql = "SELECT * FROM test.cliente WHERE test.cliente.Citta = :Citta";
$statement = $conn->prepare($sql);
$statement->bindParam(':Citta', $location, PDO::PARAM_STR);
$statement->execute();
$result = $statement->fetchAll();
I take the input from a form in another page, then the data goes to $location.
I've changed it all to this:
$location = $_POST['Citta'];
$sql = "SELECT * FROM lgp.cliente WHERE lgp.cliente.Citta = ?";
$statement = $conn->prepare($sql);
$statement->bind_param("s", $location);
$statement->execute();
$result = $statement->fetchAll();
But now, it gives me this error:
Fatal error: Uncaught Error: Call to a member function execute() on bool
I've already added the mysqli report.
I've changed $result = $statement->fetchAll(); into $result = $statement->get_result()->fetchAll();
Now the error is:
Fatal error: Uncaught Error: Call to undefined method mysqli_result::fetchAll()
You seem to have got confused between mysqli and PDO syntax. There are a few similarities, but mainly the way they are used is different.
Your code re-written properly in mysqli would look like this:
$location = $_POST['Citta'];
$sql = "SELECT * FROM test.cliente WHERE test.cliente.Citta = ?";
$statement = $conn->prepare($sql);
$statement->bind_param("s", $location);
$statement->execute();
$result = $statement->get_result()->fetch_all();
See https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php and https://phpdelusions.net/mysqli for more examples.
Related
I have following lines of code to fetch multiple records using PHP 7.3
$query = "Select * from tblorders";
$stmt = $connection->prepare($query);
$stmt->execute();
$result = $stmt->fetchAll();
The last line issues as error.
Error Details
Uncaught Error: Call to undefined method mysqli_stmt::fetchAll()
I can confirm that the connection is not null and has proper connection details.
Am I missing anything?
This is because there is no such function! You are mixing PDO and mysqli.
If you want to fetch all records from a mysqli prepared statement you need to do it in two steps. First, fetch the result set using mysqli_stmt::get_result() and then use mysqli_result::fetch_all()
$query = "Select * from tblorders";
$stmt = $connection->prepare($query);
$stmt->execute();
$resultSet = $stmt->get_result();
$data = $resultSet->fetch_all(MYSQLI_ASSOC);
However, I would strongly advise learning PDO instead of mysqli as it is much easier and offers more options.
I made this code to display my user's details if I search for their email.
file.php
$sql = "SELECT * FROM users WHERE email='$email'";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $email);
$stmt->execute();
$result2 = $stmt->get_result();
file.html
while ($row = $result2->fetch_assoc()) { //results }
The problem with this code is that I get always a fatal error.
Fatal error: Uncaught Error: Call to a member function fetch_assoc() on null in ____ Stack trace: #0 {main} thrown in ______
Even though my script works perfectly because when I am searching for my users detail it shows them as expected.
What do they mean with this error? Can I get SQL Injected if I stay it like this? How can I remove this error?
1.) Fix binding your email parameter....
$sql = "SELECT * FROM users WHERE email='?'";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $email);
$stmt->execute();
$result2 = $stmt->get_result();
2.) For error you're getting i assume you get some error, you should check for $result2, if it's false > that means error
My file should get all users with this id (It's only one since id is unique in this table) and prepare a statement to execute later. When I execute it I get this error:
Fatal error: Uncaught Error: Call to a member function execute() on
boolean in C:\xampp\htdocs\Gamanware.ga\Admin\update.php:7 Stack
trace: #0 {main} thrown in
C:\xampp\htdocs\Gamanware.ga\Admin\update.php on line 7.
And I can't see anything wrong with it. The id is alright (I echo it out to be sure), Im not using reserved words and have made sure that it won't matter anyway, but I still get this error. I have been on several forums and many questions have not worked for me. I hope some of you can! My code:
<?php
require '../includes/login_system.dbh.php';
$id = $_GET['id'];
$sql = 'SELECT * FROM `users` WHERE `id`=:id';
$statement = $conn->prepare($sql);
$statement->execute([':id' => $id ]);
Try the code below and see if it helps
require '../includes/login_system.dbh.php';
$sql= "SELECT * FROM users WHERE id = :id";
$statement = $conn->prepare($sql);
$statement->bindParam(':id', $id, PDO::PARAM_INT);
$id = $_GET['id'];
$statement->execute();
You can also do an if else statement with your execute like so to see what it gives you.
require '../includes/login_system.dbh.php';
$sql= "SELECT * FROM users WHERE id = :id";
$statement = $conn->prepare($sql);
$statement->bindParam(':id', $id, PDO::PARAM_INT);
$id = $_GET['id'];
if ($statement->execute()) {
echo "Success";
} else {
echo "Failed";
}
I am in the process of converting some old MySQL code into MySQLI Prepared Statements and hit a snag:
If I run the same SQL code as prepared statement, I get a "Malformed Package" error. This happens even with extremely simple queries like "SELECT * FROM [TableName]".
I have the creation of the connection and setting of the Report level in a Seperate file altogether. So that code must be identicaly by definition.
As specific example, this code works:
$sql = "SELECT * FROM AngebotsDB";
$result = mysqli_query($link, $sql);
But this code:
$sql = "SELECT * FROM AngebotsDB";
// $result = mysqli_query($link, $sql);
$stmt = mysqli_stmt_init($link);
mysqli_stmt_prepare($stmt,$sql);
mysqli_execute($stmt);
$resultReference = mysqli_store_result($link); //throws exception
$result = mysqli_fetch_array($resultReference);
ends in:
Fatal error: Uncaught exception 'mysqli_sql_exception' with message
'Malformed packet' in /home/cgroschupff/public_html/custom_code/DB
structure.php:16 Stack trace: #0 /home/cgroschupff/public_html/custom_code/DB structure.php(16):
mysqli_store_result(Object(mysqli)) #1 {main} thrown in
/home/cgroschupff/public_html/custom_code/DB structure.php on line 16
All I could really find is some old information of this happening when Connecting to the DB.
Note that the used MySQLi/PHP version is rather old (5.2.17?). So this could be a "long ago fixed" bug?
If you initialize a statement than you have to call other functions according to mysqli_stmt class so your code should be .
$sql = "SELECT * FROM AngebotsDB";
$stmt = mysqli_stmt_init($link);
mysqli_stmt_prepare($stmt,$sql);
mysqli_stmt_execute($stmt);
$resultReference = mysqli_stmt_store_result($link);
Now if you try var_dump($resultReference) than return true or false .
if you want to show result with mysqli_fetch_array so you have to pass mysqli_result parameter so for this you have to use mysqli_stmt_get_result .
$sql = "SELECT * FROM AngebotsDB";
$stmt = mysqli_stmt_init($link);
mysqli_stmt_prepare($stmt,$sql);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt) ;
$output = mysqli_fetch_array($result) ;
Now you can see var_dump($output) than you have result .
I want to prepare a mysql script that first checks the id of the user based on given email and later on use this found id in the next query. What I did so far is as follows:
$find_id = "SELECT id from client
WHERE email = ? ";
$statement = $mysqli->prepare($find_id);
$statement->bind_param("s", $client_mail);
$statement->execute();
$statement->bind_result($id);
$statement->free();
$sql = "SELECT client_name, contact_name from client_addr
WHERE client_id = ? AND is_actual < ? ";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param("is", $id, "Y");
$stmt->execute();
$result = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
echo json_encode($result);
but now I'm getting the error related to this line:
$statement->free();
that says Call to undefined method mysqli_stmt::free() in.
However, when I remove this line I'm getting the error:
Uncaught exception 'mysqli_sql_exception' with message 'Commands out of sync; you can't run this command now'
on this line:
$stmt = $mysqli->prepare($sql);
How can I fix it?
I believe the function you're trying to use would be mysqli_stmt::free_result(). You'll need to change this line:
$statement->free();
To:
$statement->free_result();
The second Uncaught exception occurs because mysqli is an unbuffered SQL query handler, so you should store your results if you're looping simultaneous executions with something like $stmt->store_result(); and then you can unload the mysqli buffer to state a new query.