I have the following code which i'm trying to obtain a single row of data into an array. I'm unsure if i'm mixing prepared statements and PDO.
I'm getting the following error:
Uncaught Error: Cannot use object of type mysqli_stmt as array in...
The Code:
// Prepare a select statement
$sql = "SELECT * FROM pupils WHERE pupil_id = ?";
if($stmt = $mysqli->prepare($sql)){
// Bind variables to the prepared statement as parameters
$stmt->bind_param("i", $param_pupil_id);
// Set parameters
$param_pupil_id = $_POST['pupil_num'];
// Attempt to execute the prepared statement
if($stmt->execute()){
$stmt->store_result();
if($stmt->num_rows == 1){
$stmt->bind_result($id, $pupil_id, $name, $eal, $pp);
//Updated code
echo $stmt->fetch()->$name;
} else{
echo "error";
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
Related
I have tried thousand of examples but non working, I try to get results on specific row where id= .
My code :
if ($stmt = $func->mysqli->prepare("SELECT * FROM monthlypaymentsrequestlist WHERE id = ?")) {
$stmt->bind_param('s', $user['userid']);
// Execute the prepared query.
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows > 0) {
while ($rows = $stmt->fetch_assoc()) {
echo $row['id'];
}
}
}
The error i get :
Fatal error: Call to undefined method mysqli_stmt::fetch_assoc() in
How i do it properly ?
fetch_assoc() is a function of a mysqli_result, not the $stmt Resource you're trying to use. You need to assign it to the return of execute():
if($stmt = $func->mysqli->prepare("SELECT * FROM monthlypaymentsrequestlist WHERE id = ?"))
{
$stmt->bind_param('s', $user['userid']);
// Execute the prepared query.
$result = $stmt->execute();
$stmt->store_result();
if($stmt->num_rows > 0)
{
while($rows = $result->fetch_assoc())
{
echo $row['id'];
}
}
}
fetch_assoc is a method of the mysqli_result class, not the mysqli_stmt class.
Trying to insert user input into a MYSQL database. I am utilizing the REPLACE INTO because the column email has a unique key to prevent duplication. The table name is launch_email. I am trying to prevent SQL injection by using prepare and bindParam, however I keep getting this error: Call to undefined function bindParam(). Any solutions?
PHP/SQL:
require(ROOT_PATH . "inc/database.php");
try {
$replace = $db->prepare("REPLACE INTO launch_email VALUES (:email_str)");
$replace = bindParam(":email_str", $email, PDO::PARAM_STR);
$replace->execute();
} catch (Exception $e) {
echo "Data could not be submitted to the database.";
exit;
}
EDIT: The code below solved my problem. I was assigning a method to a non-object.
require(ROOT_PATH . "inc/database.php");
try {
$replace = $db->prepare("REPLACE INTO launch_email VALUES (:email_str)");
$replace->bindParam(":email_str", $email, PDO::PARAM_STR);
$replace->execute();
} catch (Exception $e) {
echo "Data could not be submitted to the database.";
exit;
}
Remember bindParam is a method of the Classes PDO, MySQLi or whatever database you're using... So it must be called this way:
$replace->bindParam(":email_str", $email, PDO::PARAM_STR);
PDOStatement::bindParam is a PDOStatement method .
this should work
require(ROOT_PATH . "inc/database.php");
try {
$stm = $db->prepare("REPLACE INTO launch_email VALUES (:email_str)");
$stm->bindParam(":email_str", $email, PDO::PARAM_STR);
$stm->execute();
} catch (Exception $e) {
echo "Data could not be submitted to the database.";
exit;
}
bindParam is not a language function. It is a method of the PDOStatement object.
$replace->bindParam(":email_str", $email, PDO::PARAM_STR);
It would be better if instead of using $replace as your variable name, you call it something like $stmt so that it is more apparent what that object is.
Alternatively, you can pass your parameter at execution. By writing your code like this:
$stmt = $db->prepare("REPLACE INTO launch_email VALUES (?)");
if ($stmt)
{
// Execute query with parameter
$stmt->execute(array($email));
}
else
{
// Could not prepare statement
echo $db->errorInfo();
}
I am having some trouble with prepared statements. Basically, this query is returning no rows, even though I know for a fact that this query should return multiple rows. I thought this was just a problem due to SQL injections, but maybe I'm doing something else wrong here, I don't know. If I take out the check for how many rows there are, I get an error:
PHP Fatal error: Call to a member function fetch_array()
Any help would be appreciated!
$stmt = $mysqli->prepare("SELECT sid from SDS WHERE uid=? AND dst=?");
$stmt->bind_param('ss',$username,$structureType);
$stmt->execute();
$stmt->bind_result($results);
$stmt->fetch();
if ($results) {
if($results->num_rows == 0) {
print("No results here.");
return 0;
}
$recordnames = array();
while ($next_row = $results->fetch_array()) {
$recordnames[] = $next_row['sid'];
}
return $recordnames;
}
When you use $stmt->bind_result($result); you are binding the sid from the database to the variable $results. So you cannot perform operations like :
if($results->num_rows == 0) { //... }
or
$results->fetch_array();
This is how I would do it :
<?php
$stmt = $mysqli->prepare("SELECT sid from SDS WHERE uid=? AND dst=?");
$stmt->bind_param('ss', $username, $structureType);
$stmt->execute();
$stmt->bind_result($sid);
$stmt->store_result();
if ($stmt->num_rows == 0)
{
print("No results here.");
$stmt->close();
return 0;
}
else
{
$recordnames = array();
while($stmt->fetch())
{
$recordnames[] = $sid;
}
return $recordnames;
}
?>
This way uses a different logic, check if the row count is 0, if so display "No results here", if not put results into the array.
The Following code will display "12" on the screen. That is all. These echo numbers were added for debugging.
It should Display "123" and insert into a MySQL database the variables in the statement.
For some reason it just ends at the prepare statement. The fail() error check never getting called. Actually, nothing gets called after the prepare statement.
I have been all over the site and believe I am doing everything required properly, but it is more then likely something I did.
Can anyone tell me why the prepare statement is failing this way?
$query = "insert into member(mail, user, val) values (?, ?, ?)";
$uuu = blah#blah.com;
$hhh = Blah Williams;
$val = 0;
echo "1";
if($stmt = $this->conn)
{
echo "2";
$stmt->prepare($query) || $this->fail('MySQL prepare', $stmt->error);
echo "3";
$stmt->bind_param('ssi', $uuu, $hhh, $val)
|| $this->fail('MySQL bind_param', $stmt->error);
$stmt->execute();
if (!$stmt->execute())
{
if ($stmt->errno === 1062 /* ER_DUP_ENTRY */)
{
$this->fail('This username is already taken');
}
else
{
$this->fail('MySQL execute', $stmt->error);
}
}
}
else
{/*error check*/
$this->fail('MySQL insert prepare failed', $stmt->error);
return 0;
}
$stmt->close();
return true;
You should use as your assignment will always be true.
$stmt = $this->conn->prepare($query);
To check why it's failing, use:
var_dump($stmt->errorInfo());
Nested function inside of fetch (which is inside of another function) does not perform.
fn_smth1 is nested inside of fn_smth2 and should output result via fn_smth2
Example below is a simplified version.
function fn_smth1 ($id){
global $mysqli;
$stmt = $mysqli->stmt_init();
if ($stmt->prepare("SELECT code FROM at WHERE id = ?")){
$stmt->bind_param("i",$id);
$stmt->execute();
$stmt->bind_result($code);
if ($stmt->fetch()){
$code_displ = $code;
}
}
$stmt->close;
return $code_displ;
}
function fn_smth2($id){
global $mysqli;
$stmt = $mysqli->stmt_init();
if ($stmt->prepare("SELECT idx, name FROM at WHERE id = ?")){
$stmt->bind_param("i",$id);
$stmt->execute();
$stmt->bind_result($idx, $name);
if ($stmt->fetch()){
$code_displ = $name.' === '.fn_smth1($idx);
}
}
$stmt->close;
return $code_displ;
}
echo fn_smth2(1);
//expected
some name here === some code here
//received
some name here === null (function fn_smth1 does not give a value)
You're trying to execute second prepared statement, while the resultset from the first one has not been stored yet. Use mysqli_stmt::store_result() before trying to execute second statement.