MySQL SELECT query returning false when prepared - php

My file should get all users with this id (It's only one since id is unique in this table) and prepare a statement to execute later. When I execute it I get this error:
Fatal error: Uncaught Error: Call to a member function execute() on
boolean in C:\xampp\htdocs\Gamanware.ga\Admin\update.php:7 Stack
trace: #0 {main} thrown in
C:\xampp\htdocs\Gamanware.ga\Admin\update.php on line 7.
And I can't see anything wrong with it. The id is alright (I echo it out to be sure), I'm not using reserved words and have made sure that it won't matter anyway, but I still get this error. I have been on several forums and many questions have not worked for me. I hope some of you can! My code:
<?php
require '../includes/login_system.dbh.php';
$id = $_GET['id'];
$sql = 'SELECT * FROM `users` WHERE `id`=:id';
$statement = $conn->prepare($sql);
$statement->execute([':id' => $id ]);

Try the code below and see if it helps
require '../includes/login_system.dbh.php';
$sql= "SELECT * FROM users WHERE id = :id";
$statement = $conn->prepare($sql);
$statement->bindParam(':id', $id, PDO::PARAM_INT);
$id = $_GET['id'];
$statement->execute();
You can also do an if else statement with your execute like so to see what it gives you.
require '../includes/login_system.dbh.php';
$sql= "SELECT * FROM users WHERE id = :id";
$statement = $conn->prepare($sql);
$statement->bindParam(':id', $id, PDO::PARAM_INT);
$id = $_GET['id'];
if ($statement->execute()) {
echo "Success";
} else {
echo "Failed";
}
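Why prepare() hands back a boolean, as an added example that is not part of the original question or answer: in PDO's silent error mode a rejected query makes prepare() return false, while exception mode raises the cause at the failing call. The in-memory SQLite database, the table contents and the `makeConnection()` helper are assumptions made so the script runs without the poster's MySQL setup.

```php
<?php
// Added example, not the poster's code. An in-memory SQLite database stands in
// for the MySQL connection (assumes the pdo_sqlite extension is loaded).
function makeConnection(int $errmode): PDO
{
    $conn = new PDO('sqlite::memory:');
    $conn->setAttribute(PDO::ATTR_ERRMODE, $errmode);
    $conn->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
    $conn->exec("INSERT INTO users (id, name) VALUES (1, 'alice')");
    return $conn;
}

// Constructed query that the driver rejects (the table does not exist).
$badSql = 'SELECT * FROM no_such_table WHERE id = :id';

// Silent mode: prepare() returns false, and calling execute() on that value is
// the "member function execute() on boolean" fatal error from the question.
$silent = makeConnection(PDO::ERRMODE_SILENT);
$stmt = $silent->prepare($badSql);
if ($stmt === false) {
    // errorInfo() returns [SQLSTATE, driver error code, driver message].
    echo 'silent mode: ', $silent->errorInfo()[2], PHP_EOL;
}

// Exception mode: the same failure is raised at prepare() with the cause attached.
$strict = makeConnection(PDO::ERRMODE_EXCEPTION);
try {
    $strict->prepare($badSql);
} catch (PDOException $e) {
    // Log server-side; do not echo database errors to visitors in production.
    error_log($e->getMessage());
    echo 'exception mode: prepare() threw PDOException', PHP_EOL;
}

// Working lookup: validate the id as an integer before binding it.
$id = filter_var('1', FILTER_VALIDATE_INT); // '1' stands in for $_GET['id']
if ($id === false) {
    exit('invalid id');
}
$stmt = $strict->prepare('SELECT * FROM users WHERE id = :id');
$stmt->execute([':id' => $id]);
print_r($stmt->fetch(PDO::FETCH_ASSOC));
```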

Related

Uncaught Error: Call to undefined method mysqli_result::fetchAll()

When I try to send the data I want to put in a query from a form, it gives me this message:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ':Citta'
Here is the portion of the code from where it gives me the error:
$location = $_POST['Citta'];
$sql = "SELECT * FROM test.cliente WHERE test.cliente.Citta = :Citta";
$statement = $conn->prepare($sql);
$statement->bindParam(':Citta', $location, PDO::PARAM_STR);
$statement->execute();
$result = $statement->fetchAll();
I take the input from a form in another page, then the data goes to $location.
I've changed it all to this:
$location = $_POST['Citta'];
$sql = "SELECT * FROM lgp.cliente WHERE lgp.cliente.Citta = ?";
$statement = $conn->prepare($sql);
$statement->bind_param("s", $location);
$statement->execute();
$result = $statement->fetchAll();
But now, it gives me this error:
Fatal error: Uncaught Error: Call to a member function execute() on bool
I've already added the mysqli report.
I've changed $result = $statement->fetchAll(); into $result = $statement->get_result()->fetchAll();
Now the error is:
Fatal error: Uncaught Error: Call to undefined method mysqli_result::fetchAll()
You seem to have got confused between mysqli and PDO syntax. There are a few similarities, but mainly the way they are used is different.
Your code re-written properly in mysqli would look like this:
$location = $_POST['Citta'];
$sql = "SELECT * FROM test.cliente WHERE test.cliente.Citta = ?";
$statement = $conn->prepare($sql);
$statement->bind_param("s", $location);
$statement->execute();
$result = $statement->get_result()->fetch_all();
See https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php and https://phpdelusions.net/mysqli for more examples.

Getting fatal error when I use prepared statements for a searching date input

I made this code to display my user's details if I search for their email.
file.php
$sql = "SELECT * FROM users WHERE email='$email'";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $email);
$stmt->execute();
$result2 = $stmt->get_result();
file.html
while ($row = $result2->fetch_assoc()) {
    // results
}
The problem with this code is that I get always a fatal error.
Fatal error: Uncaught Error: Call to a member function fetch_assoc() on null in ____ Stack trace: #0 {main} thrown in ______
Even though my script works perfectly because when I am searching for my users detail it shows them as expected.
What do they mean with this error? Can I get SQL Injected if I leave it like this? How can I remove this error?
1.) Fix binding your email parameter....
// The placeholder must not be quoted; '?' in quotes is a literal string, not a parameter
$sql = "SELECT * FROM users WHERE email = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $email);
$stmt->execute();
$result2 = $stmt->get_result();
2.) For the error you're getting, I assume you get some error; you should check $result2: if it's false, that means an error.
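The injection question above, as an added example that is not part of the original posts: the same lookup written with the value interpolated into the SQL text and with a bound placeholder. It uses PDO with an in-memory SQLite database instead of the poster's mysqli connection so that it runs offline; the table rows and the input string are constructed.

```php
<?php
// Added example with constructed data; in-memory SQLite via PDO stands in
// for the MySQL connection (assumes the pdo_sqlite extension is loaded).
$conn = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$conn->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)');
$conn->exec("INSERT INTO users (email) VALUES ('a@example.test'), ('b@example.test')");

// Constructed input standing in for a submitted form field.
$email = "nobody@example.test' OR '1'='1";

// Interpolated form from the question: the value becomes part of the SQL text,
// so quote characters inside it change the structure of the WHERE clause.
$unsafe = $conn->query("SELECT * FROM users WHERE email='$email'")->fetchAll();

// Bound form: the SQL text is fixed at prepare time and the value travels
// separately, so it is only ever compared as data.
$stmt = $conn->prepare('SELECT * FROM users WHERE email = ?');
$stmt->execute([$email]);
$safe = $stmt->fetchAll();

printf("interpolated query matched %d row(s)\n", count($unsafe));
printf("bound query matched %d row(s)\n", count($safe));
```

The interpolated query returns both constructed rows because the quotes in the input rewrite the condition, while the bound query returns none because the whole string is compared as a single email value.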

SELECT from and DELETE the same row in one query

At the moment, I have two queries. The first selects a column from a row. The second then deletes that row. As both queries deal with the same row, I was wondering if it was possible to execute both queries in one (to reduce the amount of code).
I had a look at SELECT then immediately DELETE mysql record and tried Whatever Kitchen's answer
This was my code beforehand (which works fine):
$stmt = $con->prepare("SELECT number FROM viewings WHERE username=:user");
$stmt->bindParam(':user', $user);
$stmt->execute();
$row = $stmt->fetch();
$result = $row['number'];
$stmt = $con->prepare("DELETE FROM viewings WHERE username=:user");
$stmt->bindParam(':user', $user);
$stmt->execute();
echo $result;
This was my code after trying the answer:
$stmt = $con->prepare("DELETE FROM viewings WHERE username=:user IN (SELECT number FROM viewings WHERE username=:user LIMIT 1)");
$stmt->bindParam(':user', $user);
$stmt->execute();
$row = $stmt->fetch();
$result = $row['number'];
echo $result;
However, I receive these errors:
Fatal error: Uncaught exception 'PDOException' with message
'SQLSTATE[42000]: Syntax error or access violation: 1235 This version
of MySQL doesn't yet support 'LIMIT & IN/ALL/ANY/SOME subquery''
in /home//public_html/page.php:47
Stack trace:
0 /home//public_html/page.php(47): PDOStatement->execute()
1 {main} thrown in /home//public_html/page.php on line 4
You can try using the EXISTS condition:
DELETE FROM viewings WHERE EXISTS (SELECT * FROM viewings WHERE username=:user LIMIT 1)
Source: SQL EXISTS condition

Fatal error: Call to a member function bindParam() on a null

I need some help. I have some nested SELECT statements that get the user's ID then use that ID to search another table in MySQL. I have a foreach() loop that uses the user_id from the first query to create a folder for the user if there isn't one in the filesystem. Then I used bindParam() to assign it a variable and use it in another query to get the user's name. However, it throws an exception saying 'Call to a member function bindParam() on null in C:\foo\bar\foobarscript.php on line 29'. Here's my code up until the break...
try {
$con = new PDO("mysql:host=$dbname;dbname=$db", $user, $pass);
//Set the PDO error mode to exception
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->beginTransaction();
$stmt = $con->prepare("SELECT user_id
FROM users");
$stmt->execute();
$result = $stmt->setFetchMode(PDO::FETCH_ASSOC);
$res = $stmt->fetchAll();
foreach($res as $row) {
$uid = $row['user_id'];
$filename = './reports/'.$uid.'';
if(!file_exists($filename)) {
if(!mkdir('./reports/'.$uid)) {
die('Failed to create folders..');
}
}
$stmt2->bindParam(':uid', $uid); //<--- Code breaks here
$stmt2 = $con->prepare("SELECT CONCAT(fname,' ',lname) as fullname FROM users WHERE user_id = :uid");
$stmt2->execute();
$fullName = $stmt2->fetchAll();
$userArray[] = array_fill_keys($uid, $fullName);
$stmt2->closeCursor();
}
I have searched up and down and tried rewriting it, debugging piece by piece. Everything works fine until I put it all back together and I get this error again. I really appreciate any help!
Edit: I have even tried removing the assigned variable and binding like:
$stmt2->bindParam(':uid', $row['user_id']);

Why do I get Call to a member function bind_param() on a non-object...?

I am making a game for class and I have added a commenting system to go with it. I am now wanting to add the ability to report the comment.
I have added a column in the comments table called report_active and my idea was to set this to 1 when it is active (meaning it has been reported) and 0 when it isn't. Then just list in the adminCP all of the comments with an active report on them.
I have made a file called report_comment.php which I intend to only be used to run the queries then redirect back to another page.
This is my report_comment.php page:
<?php
require_once('db_connect.php');
require_once('security.php');
if (isset($_GET['id'])) {
$report_active = 1;
$id = $_GET['id'];
$select = $db->query("SELECT * FROM comments WHERE id = ?");
$select->bind_param('i', $id);
if ($select->execute()) {
if ($select->num_rows) {
// Run the update query
$update = $db->query("UPDATE comments SET report_active = ? WHERE id = ?");
$update->bind_param('ii', $report_active, $id);
if ($update->execute()) {
header('Location: comments.php');
die();
}
}
}
}
?>
What am I doing wrong? As this is the error I am returned with:
Fatal error: Call to a member function bind_param() on a non-object
$select = $db->query("SELECT * FROM comments WHERE id = ?");
               ^^^^^---execute the query immediately
You want
$stmt = $db->prepare("SELECT * FROM comments WHERE id = ?");
             ^^^^^^^---note the diff
instead. Plus, you should be checking for failure, e.g.
if ($stmt === false) {
die("Prepare failed with error: " . $db->error); // mysqli exposes the last error as $db->error
}
or similar for your particular DB library.
