This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 2 years ago.
I'm trying to input multiple queries guys using mysqli. Yet it's not populating the database. Any ideas?
$q2="UPDATE ticketinfo SET ticketstatus = $status where ticketno = $ticket;
insert into ticketinfo (remarks) values ('$remarks')";
$ex2= mysqli_multi_query($conn,$q2);
SQL queries should be executed sequentially. Never use mysqli_multi_query() with variable input. You should be using parameterized prepared statements. There is hardly any use case for mysqli_multi_query() at all.
Your code should look like this:
// your mysqli connection
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = new mysqli('localhost', 'username', 'password', 'dbname');
$mysqli->set_charset('utf8mb4'); // always set the charset
// First query
$stmt = $mysqli->prepare('UPDATE ticketinfo SET ticketstatus = ? WHERE ticketno = ?');
$stmt->bind_param('ss', $status, $ticket);
$stmt->execute();
// Second query
$stmt = $mysqli->prepare('INSERT INTO ticketinfo (remarks) VALUES (?)');
$stmt->bind_param('s', $remarks);
$stmt->execute();
I used two prepared statements and bound the input separately. This is a much better, cleaner and safer option than mysqli_multi_query().
Related
This question already has answers here:
How to convert PDO to mysqli?
(2 answers)
Closed 3 years ago.
I want to convert PDO code to mysqli and am having some problems. I'm still new at this and I really don't understand PDO completely.
$query = "INSERT INTO gender(gender) VALUES (:gender)";
$statement = $conn->prepare($query);
$statement->execute(array('gender' => $_POST["gender"]));
$count = $statement->rowCount();
This is as far as I got.
$statement = $db->prepare ($query);;
$statement = array('gender' => $_POST["gender"]);
$count=mysqli_num_rows($query);
$statement = mysqli_fetch_array ($query);
Try this version:
$query = "INSERT INTO gender(gender) VALUES (?)";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("s", $_POST["gender"]);
$stmt->execute();
$stmt->close();
You need to use the bind_param() function to bind parameters to your mysqli statement. Note that mysqli, unlike PDO, does not support named parameters. Instead, just use ? as a placeholder to which you bind your actual value later on.
This question already has answers here:
Can I bind an array to an IN() condition in a PDO query?
(23 answers)
MySQLi Bind Param with an array for IN [duplicate]
(2 answers)
Closed 5 years ago.
I can not figure out how I can prepare my select statement.
$query = "SELECT name, art FROM table_one WHERE name LIKE ? AND art IN ?";
if ($stmt = $db_link->prepare($query)) {
    $stmt->bind_param("ss", $name, $art);
    $stmt->execute();
    if ($stmt->errno){
        //Deal with error
    }
    $name = "%Marc%";
    $art = "('green', 'blue', 'red')";
    $stmt->execute();
    $stmt->bind_result($name, $art);
    while ($stmt->fetch()){
        //Output data
    }
}
So the problem is, that something does not work with the syntax in the prepared statement. This is my first attempt at preparing statements.
I had the query working before without using a prepared statement, but I am forced to use that now.
The old query looked like this:
$query = "SELECT name, art FROM table_one WHERE name LIKE '%$name%' AND art IN ('$art')";
Thank you for your help.
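An added example, not part of the original question: a placeholder binds exactly one value, so an IN () list needs one ? per element, and the LIKE wildcards belong in the bound value rather than in the SQL text. The two helper functions are hypothetical, the sample input is constructed, and the code assumes mysqli is set to throw exceptions (mysqli_report with MYSQLI_REPORT_STRICT, as in the first answer on this page).

```php
<?php
// Added example, not code from the question. Table and column names are the
// question's; both helper functions are hypothetical.

// Build the SQL, the bind_param() type string and the flat parameter list.
function build_name_art_query(string $name, array $arts): array
{
    if ($arts === []) {
        // "IN ()" is a syntax error in MySQL, so handle the empty list explicitly.
        throw new InvalidArgumentException('At least one art value is required');
    }
    // One "?" per list element: IN (?, ?, ?)
    $placeholders = implode(', ', array_fill(0, count($arts), '?'));
    $sql = "SELECT name, art FROM table_one WHERE name LIKE ? AND art IN ($placeholders)";

    // Escape LIKE wildcards in the search term, then add our own % around it.
    $pattern = '%' . addcslashes($name, '%_\\') . '%';

    $types  = str_repeat('s', count($arts) + 1);
    $params = array_merge([$pattern], array_values($arts));
    return [$sql, $types, $params];
}

// Assumes $db_link is an open mysqli connection that throws on errors.
function find_by_name_and_art(mysqli $db_link, string $name, array $arts): array
{
    [$sql, $types, $params] = build_name_art_query($name, $arts);
    $stmt = $db_link->prepare($sql);
    $stmt->bind_param($types, ...$params); // spread the list into separate arguments
    $stmt->execute();
    $stmt->bind_result($rowName, $rowArt);
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ['name' => $rowName, 'art' => $rowArt];
    }
    $stmt->close();
    return $rows;
}

// Constructed sample input; shows the generated SQL without needing a server.
[$sql, $types, $params] = build_name_art_query('Marc', ['green', 'blue', 'red']);
echo $sql, PHP_EOL, $types, PHP_EOL, json_encode($params), PHP_EOL;
```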
This question already has answers here:
What is the difference between bindParam and bindValue?
(7 answers)
Closed 7 years ago.
I'm trying to insert values using prepared statements like this:
$dbh = new PDO("mysql:host=$hostname;dbname=$database", $username, $password);
$dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO user_table (first_name, last_name) VALUES (:tname, :tname2)";
$stmt = $dbh->prepare($sql);
$stmt -> bindParam(':tname', 'John');
$stmt -> bindParam(':tname2', 'Smith');
$stmt -> execute();
However, this is throwing a fatal error: "PHP Fatal error: Cannot pass parameter 2 by reference in /Applications/MAMP/htdocs/live/test_create.php on line 53" This is referring to this line: $stmt -> bindParam(':tname', 'John');
What's causing this problem?
When using bindParam it must be passed by reference.
Use bindValue instead, for the way you are trying to use it here.
More about bindValue vs bindParam here
If you are insistent about using bindParam, it must be supplied as a variable. So you would use $var1="John" and then $stmt->bindParam(':tname',$var1);
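An added example, not part of the original answer, showing the difference in practice: bindValue() copies the value when it is called, while bindParam() binds the variable and reads it when execute() runs. It assumes an in-memory SQLite database in place of the question's MySQL connection so that it runs without a server; the inserted names are constructed sample data.

```php
<?php
// Added example. SQLite in memory stands in for MySQL (assumption) so the
// script runs offline; table and placeholder names follow the question.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE user_table (first_name TEXT, last_name TEXT)');

$sql = 'INSERT INTO user_table (first_name, last_name) VALUES (:tname, :tname2)';

// bindValue(): the value is copied at bind time, so literals are accepted.
$stmt = $dbh->prepare($sql);
$stmt->bindValue(':tname', 'John');
$stmt->bindValue(':tname2', 'Smith');
$stmt->execute();

// bindParam(): the variable itself is bound and only read by execute(),
// so one bind can serve several executions with changing values.
$stmt = $dbh->prepare($sql);
$first = '';
$last  = '';
$stmt->bindParam(':tname', $first);
$stmt->bindParam(':tname2', $last);

// Constructed sample rows.
foreach ([['Ada', 'Lovelace'], ['Alan', 'Turing']] as $pair) {
    [$first, $last] = $pair; // update the bound variables
    $stmt->execute();        // the current values are sent now
}

// List what was stored: one row from bindValue(), two from bindParam().
$rows = $dbh->query('SELECT first_name, last_name FROM user_table')
            ->fetchAll(PDO::FETCH_NUM);
foreach ($rows as [$f, $l]) {
    echo $f, ' ', $l, PHP_EOL;
}
```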
This question already has answers here:
Table name as parameter using PDO/MySQL prepared statement [duplicate]
(2 answers)
Closed 8 years ago.
$dbh = new PDO('mysql:host=' . $_POST['db_host'], $_POST['db_user'], $_POST['db_user_password']);
$sql = 'CREATE DATABASE :db_name';
$sth = $dbh->prepare($sql);
$sth->bindParam(':db_name', $_POST['db_name']);
var_dump($sth->execute());
It always shows false. But if I directly specify db_name, like this:
$sql = 'CREATE DATABASE database';
$sth = $dbh->prepare($sql);
$sth->execute();
It will work. What am I doing wrong?
You can only bind data (column values) in a parametrized query, not column names or table names. Also, in your code you tried to parametrize the connection initialization, which I think is not correct.
You can alternatively depend on a whitelist of db names:
$databases = array('dbone', 'dbtwo');
then check
if(in_array($_POST['db_name'], $databases) ){
    $dbname = $_POST['db_name'];
}
This question already has an answer here:
why pdo->lastInsertId() return 0 when i call STORED PROCEDURE in mysql?
(1 answer)
Closed 9 years ago.
I keep getting zero for LastInsertedID, I think it is because I am using a mysql stored procedure. Here is my code:
// Set up a new MYSQL PDO Database Connection
$dbConnection = new PDO('mysql:host=localhost;dbname=database;charset=UTF8', 'username', 'password');
//turn off emulation for prepared statement and set error mode option
$dbConnection->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$dbConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//Create a statement and prepare it with parameters
$stmt = $dbConnection->prepare("CALL AddMovieSet(:UserID, :SelectedLibraryID, :txtName, :txtNotes);");
$stmt->bindValue(':UserID', $_SESSION["UserID"], PDO::PARAM_STR);
$stmt->bindValue(':SelectedLibraryID', $_SESSION["SelectedLibraryID"], PDO::PARAM_STR);
$stmt->bindValue(':txtName', $_GET["txtName"], PDO::PARAM_STR);
$stmt->bindValue(':txtNotes', $_GET["txtNotes"], PDO::PARAM_STR);
//execute the prepared statement
$stmt->execute();
//the stored procedure successfully inserts a row
$Name=$_GET["txtName"];
$Notes=$_GET["txtNotes"];
$InsertedID=$dbConnection->lastInsertId();
//$InsertedID is always zero, the table I am inserting a row into has an AUTO_INCREMENT for the first column.
Sometimes PHP and PDO can be buggy with lastInsertID() and stored procedures. Try using this MySQL call instead:
"SELECT LAST_INSERT_ID();"