This question already has answers here:
Can I bind an array to an IN() condition in a PDO query?
(23 answers)
MySQLi Bind Param with an array for IN [duplicate]
(2 answers)
Closed 5 years ago.
I can not figure out how I can prepare my select statement.
$query = "SELECT name, art FROM table_one WHERE name LIKE ? AND art IN ?";
if ($stmt = $db_link->prepare($query)) {
    $stmt->bind_param("ss", $name, $art);
    $stmt->execute();
    if ($stmt->errno){
        //Deal with error
    }
    $name = "%Marc%";
    $art = "('green', 'blue', 'red')";
    $stmt->execute();
    $stmt->bind_result($name, $art);
    while ($stmt->fetch()){
        //Output data
    }
}
So the problem is, that something does not work with the syntax in the prepared statement. This is my first attempt at preparing statements.
I had the query working before without using a prepared statement, but I am forced to use that now.
The old query looked like this:
$query = "SELECT name, art FROM table_one WHERE name LIKE '%$name%' AND art IN ('$art')";
Thank you for your help.
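One way to prepare the LIKE plus IN query from the question above with mysqli, shown as an added example that is not part of the original post. `table_one`, `name` and `art` come from the question; the function name, the wildcard escaping and the empty-list handling are assumptions.

```php
<?php
// Added example, not the asker's code. Needs a live MySQL connection and mysqlnd.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions

function findByNameAndArt(mysqli $db, string $name, array $arts): array
{
    // "IN ()" with no values is a MySQL syntax error, so answer it here.
    if ($arts === []) {
        return [];
    }
    $arts = array_values(array_map('strval', $arts));

    // One "?" per list element: "?,?,?" for three values.
    $placeholders = implode(',', array_fill(0, count($arts), '?'));
    $sql = "SELECT name, art FROM table_one
            WHERE name LIKE ? AND art IN ($placeholders)";

    // Escape LIKE wildcards in the caller's text, then add our own.
    $pattern = '%' . addcslashes($name, '%_\\') . '%';

    $stmt = $db->prepare($sql);
    // One type letter per bound value; the spread operator passes the list.
    $types = 's' . str_repeat('s', count($arts));
    $stmt->bind_param($types, $pattern, ...$arts);
    $stmt->execute();

    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Usage with a live connection (credentials are placeholders):
// $db_link = new mysqli('localhost', 'user', 'password', 'database');
// $rows = findByNameAndArt($db_link, 'Marc', ['green', 'blue', 'red']);
```

Only the number of placeholders is interpolated into the SQL text; every value, including each list element, is still sent as a bound parameter.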
This question already has answers here:
MYSQLI prepared statement bind_param types does not work
(2 answers)
Closed 3 years ago.
Objective: to pass any value in where phrase of mysqli parameterised query
code:
<?php
$name="%%";
$age="%%";
$name_op=null;
$age_op=null;
require_once("dbc.php");
$query="SELECT name, age from student WHERE name LIKE ? AND age LIKE ?";
$stmt=mysqli_prepare($dbc, $query);
mysqli_stmt_bind_param($stmt, "si", $name, $age);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $name_op, $age_op);
while(mysqli_stmt_fetch($stmt)){
    echo "name : $name_op age: $age_op";
}
mysqli_stmt_close($stmt);
mysqli_close($dbc);
?>
Observation:
In mysql prompt,
mysql> SELECT name, age from student WHERE name LIKE "%%" AND age LIKE "%%";
shows all the records.
But, the above php code doesn't display any record.
Please help me in passing any value in parameterised query.
Under "any" value you are assuming any string value. Hence, you must use the correct type: s, not i for the $age variable.
<?php
require_once("dbc.php");
$name="%%";
$age="%%";
$query = "SELECT name, age from student WHERE name LIKE ? AND age LIKE ?";
$stmt = $dbc->prepare($query);
$stmt->bind_param("ss", $name, $age);
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_assoc()){
    echo "name : $row[name] age: $row[age]";
}
This question already has answers here:
How to convert PDO to mysqli?
(2 answers)
Closed 3 years ago.
I want to convert PDO code to mysqli and am having some problems. I'm still new at this and I really don't understand PDO completely.
$query = "INSERT INTO gender(gender) VALUES (:gender)";
$statement = $conn->prepare($query);
$statement->execute(array('gender' => $_POST["gender"]));
$count = $statement->rowCount();
This is as far as I got.
$statement = $db->prepare ($query);;
$statement = array('gender' => $_POST["gender"]);
$count=mysqli_num_rows($query);
$statement = mysqli_fetch_array ($query);
Try this version:
$query = "INSERT INTO gender(gender) VALUES (?)";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("s", $_POST["gender"]);
$stmt->execute();
$stmt->close();
You need to use the bind_param() function to bind parameters to your mysqli statement. Note that mysqli, unlike PDO, does not support named parameters. Instead, just use ? as a placeholder to which you bind your actual value later on.
This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 5 years ago.
I have this code to get a COUNT DISTINCT data:
$param = 'email';
$stmt = $conn->stmt_init();
$stmt = $conn->prepare("SELECT COUNT(DISTINCT(?)) FROM contatos");
$stmt->bind_param('s',$param);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($count);
while ($stmt->fetch()) {
    echo $count;
}
But echo $count always returns 1, but I have dozens of records...
What is wrong?
Thanks
Binding is not allowed for column names (or table names). Your query is not executing correctly. You need to directly pass the name of the field.
$stmt = $conn->prepare("SELECT COUNT(DISTINCT(email)) FROM contatos");
This question already has an answer here:
How to dynamically build queries with PDO
(1 answer)
Closed 7 years ago.
I want to use my variables in my MySQL queries safely. I'm using PDO for this. But I can't use PDO placeholders for the table name.
This works:
$stmt = $db->prepare("SELECT * FROM table WHERE id=?");
$stmt->execute(array($id));
But this doesn't:
$stmt = $db->prepare("SELECT * FROM ? WHERE id=?");
$stmt->execute(array($table, $id));
What am I doing wrong?
Just do
$stmt = $db->prepare("SELECT * FROM ".$table." WHERE id=?");
$stmt->execute(array($id));
You can't use placeholders for table
That should not be a problem since the table name should be something you control.
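Because table and column names cannot be bound, a common way to keep them under your control is to check them against a fixed allowlist before interpolating them. The following is an added example, not code from either answer: `contatos` and `email` come from the page, while the other allowlist entries, the function names and the in-memory SQLite database (standing in for MySQL so it runs offline) are assumptions.

```php
<?php
// Added example. The allowlist contents are constructed for illustration.
const ALLOWED = [
    'contatos' => ['id', 'email'],
    'gender'   => ['id', 'gender'],
];

// Return a backtick-quoted identifier, but only if it is on the allowlist.
function ident(string $table, ?string $column = null): string
{
    if (!array_key_exists($table, ALLOWED)) {
        throw new InvalidArgumentException('table not allowed');
    }
    if ($column === null) {
        return "`$table`";
    }
    if (!in_array($column, ALLOWED[$table], true)) {
        throw new InvalidArgumentException('column not allowed');
    }
    return "`$table`.`$column`";
}

function countDistinct(PDO $db, string $table, string $column): int
{
    // Identifiers are interpolated only after the allowlist check.
    $sql = 'SELECT COUNT(DISTINCT ' . ident($table, $column) . ') FROM ' . ident($table);
    return (int) $db->query($sql)->fetchColumn();
}

function findById(PDO $db, string $table, int $id): ?array
{
    // The table name is checked; the value still goes through a placeholder.
    $stmt = $db->prepare('SELECT * FROM ' . ident($table) . ' WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE contatos (id INTEGER PRIMARY KEY, email TEXT)');
$db->exec("INSERT INTO contatos (email) VALUES ('a@example.com'), ('a@example.com'), ('b@example.com')");

echo countDistinct($db, 'contatos', 'email'), "\n";
print_r(findById($db, 'contatos', 3));
try {
    findById($db, 'not_a_listed_table', 1);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```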
Here is the simple answer for you.
$statement = $db->prepare("SELECT * FROM table WHERE id=(:some_id)");
$statement->execute(array(':some_id' => $row['id']));
You should provide it with key => value format.
This question already has answers here:
PDO binding values for MySQL IN statement [duplicate]
(8 answers)
PreparedStatement IN clause alternatives?
(33 answers)
Closed 7 years ago.
I was trying to use IN with a mysqli prepared statement
$user_in = "'28','22'";
$stmt = $this->connection->prepare("SELECT `id` FROM `$this->table_name` WHERE `user_id` IN (?) ");
if($stmt){
    $stmt->bind_param('s',$user_in);
    if($stmt->execute()){
        $result = $stmt->get_result();
        if($result !== false && $result->num_rows >= 1){
            $row = $result->fetch_all(MYSQLI_ASSOC);
            $stmt->close();
            var_dump($row);
        }
    }
}
echo $this->connection->error;
return false;
But the approach above is not able to fetch any result sets
Placeholders represent a SINGLE value. If you have a variable and placeholder-using query:
$var = '1,2,3';
SELECT ... WHERE foo IN (?)
then the query will be executed as if the SQL had literally been
SELECT ... WHERE foo IN ('1,2,3')
and your 3 separate csv values will be treated as a single monolithic string.
IN clauses are one place where placeholders are somewhat useless, since you have to dynamically build up a string with as many placeholders as you have values, e.g.
$vals = array(1,2,3);
$placeholders = '?' . str_repeat(',?', count($vals) - 1);
$stmt = $db->prepare("SELECT ... WHERE foo IN ($placeholders)");
foreach($vals as $i => $val) {
    // Assuming $db is a PDO connection: positional parameters are 1-indexed.
    $stmt->bindValue($i + 1, $val);
}
and then