This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 5 years ago.
I have this code to get a COUNT DISTINCT data:
$param = 'email';
$stmt = $conn->stmt_init();
$stmt = $conn->prepare("SELECT COUNT(DISTINCT(?)) FROM contatos");
$stmt->bind_param('s',$param);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($count);
while ($stmt->fetch()) {
echo $count;
}
But echo $count always returns 1, but i have dozens of records...
What is wrong?
Thanks
Binding is not allowed for column names (or table names). Your query is not executing correctly. You need to directly pass the name of the field.
$stmt = $conn->prepare("SELECT COUNT(DISTINCT(email)) FROM contatos");
Related
This question already has answers here:
Single result from database using mysqli
(6 answers)
Closed 5 months ago.
I am trying to get a value from column "odznak" in "users" tab for user "user01" and store it in variable $odznak (for searching in another tab.
$stmt = $conn->prepare("SELECT odznak FROM users WHERE username = 'user01'");
$stmt->execute();
$result = $stmt;
$odznak;
You need to fetch the data (say into an associative array)
On the other hand, as a good practice, please use parameterized prepared statement in your select query
So, change to:
$stmt = $conn->prepare("SELECT odznak FROM users WHERE username = ?");
$stmt->bind_param("s", 'user01');
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
$odznak=$row["odznak"];
Now, $odznak is the retrieved data
This question already has an answer here:
Correct way to use LIKE '%{$var}%' with prepared statements?
(1 answer)
Closed 1 year ago.
I should execute this method,
but I don't know how pass %research value as LIKE parameter in bind:
public function researchElements($research) {
$stmt = $this->db->prepare("SELECT * FROM product WHERE product_name LIKE "'%?%'"");
$stmt->bind_param('s', $research);
$stmt->execute();
$result = $stmt->get_result();
$result = $result->fetch_all(MYSQLI_ASSOC);
return $result;
}
At least you can use in your query CONCAT function like next:
$stmt = $this->db->prepare("SELECT * FROM product WHERE product_name LIKE CONCAT('%',?,'%')");
Note: if $research variable gets value '', then query will return all rows from the table.
This question already has answers here:
I have an array of integers, how do I use each one in a mysql query (in php)? [duplicate]
(5 answers)
mySQL bind_param with IN(?) [duplicate]
(5 answers)
Closed 3 years ago.
I have this mysql query in php:
$sql2 = "SELECT id, nazev, poradi FROM system WHERE id IN($idIs) ORDER BY poradi";
$result2 = mysqli_query($conn, $sql2);
The variable $idIs is a string '2,3' (two ids of system).
When I try to fill array $nazevSystemu, there are two values (beacause of the two ids from $idIs)
$i = 0;
$nazevSystemu = [];
while($row2 = mysqli_fetch_assoc($result2)) {
$nazevSystemu[$i] = $row2['nazev'];
echo $row2['nazev'];
$i++;
}
Result of echo $row2['nazev'];:
Value1Value2
I want to make it safe, avert SQl inj., so I use prepared statement like this (instead of the first two rows of code on this page):
$stmt2 = $conn->prepare("SELECT id, nazev, poradi FROM system WHERE id IN(?) ORDER BY poradi");
$stmt2->bind_param("s", $idIs);
$stmt2->execute();
$result2 = $stmt2->get_result();
But now I get only this as result of echo $row2['nazev']; - just one value:
Value1
What did I do wrong in prepared statement?
You have to provide all id's as individual parameters.
So instead of IN(?) you have to write IN(?,?,?) and parse each parameter individual.
Code example:
$ids = explode(',', $idIs);
$stmt2 = $conn->prepare("SELECT id, nazev, poradi FROM system WHERE id IN(".trim(str_repeat('?,', count($ids)), ',').") ORDER BY poradi");
foreach ($ids as $id) {
$stmt2->bind_param("i", $id);
}
$stmt2->execute();
$result2 = $stmt2->get_result();
This question already has answers here:
Can I bind an array to an IN() condition in a PDO query?
(23 answers)
MySQLi Bind Param with an array for IN [duplicate]
(2 answers)
Closed 5 years ago.
I can not figure out how I can prepare my select statement.
$query = "SELECT name, art FROM table_one WHERE name LIKE ? AND art IN ?";
if ($stmt = $db_link->prepare($query)) {
$stmt->bind_param("ss", $name, $art);
$stmt->execute();
if ($stmt->errno){
//Deal with error
}
$name = "%Marc%";
$art = "('green', 'blue', 'red')";
$stmt->execute();
$stmt->bind_result($name, $art);
while ($stmt->fetch()){
//Output data
}
}
So the problem is, that something does not work with the syntax in the prepared statement. This is my first attempt at preparing statements.
I had the query working before without using a prepared statement, but I am forced to use that now.
The old query looked like this:
$query = "SELECT name, art FROM table_one WHERE name LIKE '%$name%' AND art IN ('$art')";
Thank you for your help.
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 7 years ago.
I have no idea why this is not returning anything. I'll show the code and talk through the steps I've taken.
if (isset($_GET['observation'])) {
require_once("../func/connect.php");
$query = "SELECT * FROM observations WHERE option = ?";
$stmt = $db->prepare($query);
$stmt->bindValue(1, $_GET['observation']);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
echo $row['question'];
} else {
echo 'nope';
}
$row dumps a false boolean, $row['question'] is null.
I've wrote about a million queries and don't have a clue why this doesn't work.
Database table observations consists of id, question & option and the bindValue is correct to match a string in the database.
However, it returns null.
option is a reserved word in mysql so you need to quote it with backticks:
$query = "SELECT * FROM observations WHERE `option` = ?";