This is the code to connect to my database. I am sure the username, password and database name are correct.
$Myconn = mysqli_connect($this->host, $this->user, $this->pass, $this->DBname);
This is code for prepare statement:
$query =$Myconn->prepare("SELECT * FROM `AD` WHERE name=?");
$query->bind_param('s', $AD_Name);
$query->execute();
$query->store_result();
$query->bind_result($id, $name, $price);
and I am sure that I sent $AD_Name correctly, as well as my query.
I used AMPPS and it was working while using my code.
My problem is that my result is always null when I print $id or $name or $price.
Ali Rasheed is right that you should use fetch() after doing a bind_result(), but there is a bigger issue here. You cannot use bind_result() with SELECT * .... It will not work properly because bind_result() will not know the order of the selected elements and thus it will not know which variable should get which value. Instead, you should revise to something like:
$query =$Myconn->prepare("SELECT id, name, price FROM `AD` WHERE name=?");
$query->bind_param('s', $AD_Name);
$query->execute();
$query->store_result();
$query->bind_result($id, $name, $price);
$query->fetch();
Substitute the column names as necessary of course.
You can see a good explanation about that here: https://stackoverflow.com/a/18753263/2694511
After doing
$query->bind_result($id, $name, $price);
use
$query->fetch();
Related
I have a sql statement to update confirm code and code in the database. I'm using bind param to bind the variables. It worked fine for my select and insert sql statements. However, it keeps giving me this error:
Fatal error: Uncaught Error: Call to a member function bind_param() on boolean
when I tried to execute the update query. I tried to search on every forum possible but found no answers and I hope someone could maybe spot my mistake. I'm having issues with $query1. Both code and confirmcode are varchar and not integer.
$username = $_GET['username'];
$code = $_GET['code'];
$confirmcode = "1";
$updatecode ="0";
$query=$con->prepare("SELECT username, code FROM customer_detail WHERE username ='$username'");
$query->execute();
$query->bind_result($checkusername, $checkcode);
$query->fetch();
$query1=$con->prepare("UPDATE customer_detail SET code=?, confirmcode=? WHERE username = ?"); //error
$query1->bind_param('sss',$username, $updatecode, $confirmcode); //error
$query1->execute();
The problem is that MySQLi can't run multiple queries at once, because it uses unbuffered queries. You'll need to close the first statement before you can run another. Add the following line after $query->fetch();.
$query->close();
This being said, your first query isn't guarded against SQL injection, because you use the variable directly in the query. Adding proper placeholders for your query, the final code would look like this
$query = $con->prepare("SELECT username, code FROM customer_detail WHERE username =?");
$query->bind_param('s', $username);
$query->execute();
$query->bind_result($checkusername, $checkcode);
$query->fetch();
$query->close();
$query1 = $con->prepare("UPDATE customer_detail SET code=?, confirmcode=? WHERE username = ?");
$query1->bind_param('sss', $updatecode, $confirmcode, $username); // bound in placeholder order: code, confirmcode, username
$query1->execute();
$query1->close();
Try below code. Basically, you need to bind the params in the same order in which the placeholders (?) appear in the sql.
$query=$con->prepare("SELECT username, code FROM customer_detail WHERE username = ?");
$query->bind_param('s', $username);
$query->execute();
$query->bind_result($checkusername, $checkcode);
$query->fetch();
$query->close(); // close the first statement before preparing the next one
$query1=$con->prepare("UPDATE customer_detail SET code=?, confirmcode=? WHERE username = ?");
$query1->bind_param('sss', $updatecode, $confirmcode, $username);
$query1->execute();
Have you tried this?
$query1->bind_param('iis', $updatecode, $confirmcode, $username);
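The points raised in the answers above (placeholders for every user-supplied value, closing the first statement before preparing the second, binding in placeholder order), combined into one runnable flow. This is an added example, not code from any of the posts: the connection credentials, the temporary table and its rows, the function name and the code comparison step are assumptions made for the demonstration.

```php
<?php
// Added example. Credentials, table rows and confirmAccount() are illustrative assumptions.
// With strict reporting, a failed prepare() throws with the server's error message
// instead of returning false and failing later with "bind_param() on boolean".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function confirmAccount(mysqli $con, string $username, string $code): bool
{
    // User input reaches the server only as a bound parameter, never as SQL text.
    $select = $con->prepare("SELECT code FROM customer_detail WHERE username = ?");
    $select->bind_param('s', $username);
    $select->execute();
    $select->bind_result($storedCode);
    $found = $select->fetch();   // true when a row was read, null when none matched
    $select->close();            // release the result before the next prepare()

    // Assumed check: the supplied code must equal the stored one (constant-time compare).
    if ($found !== true || !hash_equals((string) $storedCode, $code)) {
        return false;
    }

    $updatecode  = "0";
    $confirmcode = "1";
    $update = $con->prepare("UPDATE customer_detail SET code = ?, confirmcode = ? WHERE username = ?");
    // Variables are listed in the same order as the ? placeholders.
    $update->bind_param('sss', $updatecode, $confirmcode, $username);
    $update->execute();
    $changed = ($update->affected_rows === 1);
    $update->close();
    return $changed;
}

// Constructed demo data in a temporary table (placeholder connection details).
$con = new mysqli('127.0.0.1', 'demo_user', 'demo_pass', 'demo_db');
$con->query("CREATE TEMPORARY TABLE customer_detail
             (username VARCHAR(50) PRIMARY KEY, code VARCHAR(50), confirmcode VARCHAR(50))");
$con->query("INSERT INTO customer_detail VALUES ('alice', 'k3y-111', '0'), ('bob', 'k3y-222', '0')");

var_dump(confirmAccount($con, "alice", "k3y-111"));           // matching username and code
var_dump(confirmAccount($con, "bob", "wrong-code"));          // known user, wrong code
var_dump(confirmAccount($con, "bob' OR '1'='1", "k3y-222"));  // quotes are data, not SQL
```

The third call finds no row because the whole string, quotes included, is compared against the username column as a literal value.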
Hi I have the following:
$query = "select * from test_admin_users where school_id=? and username=?";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("is", $school_id,$username);
$username='jones';
$school_id=11;
$stmt->execute();
Which works as expected. Being new to mysqli_ I played around with the bind_param types and found that
$stmt->bind_param("ss", $school_id,$username);
$stmt->bind_param("ii", $school_id,$username);
Both also give the expected results. Why are incorrect types being accepted?
Also, is there any way to use an identifier such as username instead of ? in the query template?
Thanks.
I am trying to output the variables that I get from the database in my query but nothing is being returned. Using MYSQLi prepared statements.
Please see code below:
$stmt = $con->prepare("SELECT first_name, last_name FROM transactions WHERE order_id = ?");
$stmt->bind_param('i', $order_id);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($first_name, $last_name);
$stmt->close();
// Output review live to page
echo $first_name;
Where am I going wrong?
You forgot the line to fetch the result. fetch().
Try that:
$stmt->bind_result($first_name, $last_name);
$stmt->fetch(); // <----- you forgot this line to fetch the results.
$stmt->close();
The current error when running this from the command line is "Call to a member function bindParam() on a non-object" which I've worked out to be a problem with the variable $orderPO. Something does not like non-numeric characters which led me to the bindParam PARAM_STR business which does not work either. The database fields are both varchar 50.
My search skills are failing me. I know this must be posted somewhere about a million times but I can't seem to find it. I am completely open to doing this another way if someone has a better idea.
Current attempt code:
try
{
$orderNum = '123456';
$orderPO = '123456-A';
$dbh = new PDO("mysql:host=localhost;dbname=dbname", 'someuser', 'somepass');
$stm = $dbh->prepare("insert into some_table (order_number, order_po)");
$stm->bindParam(':order_number', $orderNum, PDO::PARAM_STR);
$stm->bindParam(':order_po', $orderPO, PDO::PARAM_STR);
$stm->execute();
print_r($stm);
print_r($dbh);
$arr = $stm->errorInfo();
print_r($arr);
$stm->closeCursor();
$dbh = null;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
In order to bind parameters using PDO, you will need to use placeholders, like this:
$stm = $dbh->prepare("
INSERT INTO `some_table` SET
`order_number` = :order_number,
`order_po` = :order_po
");
$stm->bindParam(':order_number', $orderNum, PDO::PARAM_STR);
$stm->bindParam(':order_po', $orderPO, PDO::PARAM_STR);
Notice the inclusion of the : character before the named placeholder. I also added column names to your query.
Read further and see examples: PDO bindParam
The correct syntax is
$stm = $dbh->prepare("insert into some_table (order_number, order_po) VALUES (?, ?)");
$stm->bindParam(1,$orderNum);
$stm->bindParam(2,$orderPO);
Include the question marks; the numbers in the bindParam call refer to which question mark you're binding the parameter to.
You are trying to use bindparam, but bind param matches ? not cursors :. You have not included any parameters or values.
Also, you are missing your VALUES statement within the query, which is causing the query to fail. This is why you get the "Call to a member function bindParam() on a non-object"
To use the :value syntax, use bindValue, not bindParam. To use bindParam, switch the :value to ? in your query and number them in order in your execute array.
try
{
$orderNum = '123456';
$orderPO = '123456-A';
$dbh = new PDO("mysql:host=localhost;dbname=dbname", 'someuser', 'somepass');
$stm = $dbh->prepare("insert into some_table (order_number, order_po) VALUES (:order_number, :order_po)");
$stm->bindValue(':order_number', $orderNum, PDO::PARAM_STR);
$stm->bindValue(':order_po', $orderPO, PDO::PARAM_STR);
$stm->execute();
print_r($stm);
print_r($dbh);
$arr = $stm->errorInfo();
print_r($arr);
$stm->closeCursor();
$dbh = null;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
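To see the failure from the question and the binding styles from the answers side by side, the following added example (not code from any of the posts) runs against an in-memory SQLite database so it needs no server. The SQLite DSN, the helper name prepareError() and the second execute() are assumptions for the demonstration; the table and column names follow the question.

```php
<?php
// Added example: PDO with an in-memory SQLite database (assumes the pdo_sqlite extension).
$dbh = new PDO('sqlite::memory:');
// Exception mode makes a failed prepare() throw; in silent mode it returns false,
// and the next call fails with "Call to a member function bindParam() on a non-object".
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("CREATE TABLE some_table (order_number VARCHAR(50), order_po VARCHAR(50))");

// Hypothetical helper: returns the driver's message when a statement cannot be prepared.
function prepareError(PDO $dbh, string $sql): ?string
{
    try {
        $dbh->prepare($sql);
        return null;
    } catch (PDOException $e) {
        return $e->getMessage();
    }
}

// The statement from the question: no VALUES clause and no placeholders.
echo prepareError($dbh, "insert into some_table (order_number, order_po)"), "\n";

// Named placeholders, one bound by value and one by reference.
$stm = $dbh->prepare(
    "INSERT INTO some_table (order_number, order_po) VALUES (:order_number, :order_po)"
);
$orderNum = '123456';
$orderPO  = '123456-A';
$stm->bindValue(':order_number', $orderNum, PDO::PARAM_STR); // value is copied now
$stm->bindParam(':order_po', $orderPO, PDO::PARAM_STR);      // variable is read at execute()
$stm->execute();

$orderNum = '999999';    // no effect: bindValue() already captured '123456'
$orderPO  = '123456-B';  // used by the next execute() because it was bound by reference
$stm->execute();

// Positional placeholder, with the value passed straight to execute().
$check = $dbh->prepare("SELECT order_number, order_po FROM some_table WHERE order_po LIKE ?");
$check->execute(['123456-%']);
print_r($check->fetchAll(PDO::FETCH_ASSOC));
```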
I have basic question about mysqli prepared statements. For example, I want to execute a SELECT query, Should I do it like:
<?php
$city = "Amersfoort";
if ($stmt = $mysqli->prepare("SELECT District FROM City WHERE Name=?")) {
$stmt->bind_param("s", $city);
$stmt->execute();
$stmt->bind_result($district);
$stmt->close();
}
$mysqli->close();
?>
In the above code, is bind_result also required? What exactly does it do?
Also, do I need to close the mysqli connection after each query?
Thanks.
bind_result makes it so that when you iterate over the results of the query, the columns from the result set are automatically mapped to local variables.
For example, suppose you execute a query that returns a result set with three columns like this:
$query = "SELECT Name, CountryCode, District FROM myCity";
You want to execute the query and do something with the results, let's say print them:
if ($result = $mysqli->query($query)) {
while ($row = $result->fetch_row()) {
printf("%s (%s,%s)\n", $row[0], $row[1], $row[2]);
}
}
The "problem" with the above code is that $row[0] is not very descriptive. An alternative way is to use bind_result, which goes like this:
$query = "SELECT Name, CountryCode, District FROM myCity";
if ($stmt = $mysqli->prepare($query)) {
$stmt->execute(); // run the prepared query before binding and fetching results
$stmt->bind_result($name, $countryCode, $district);
while ($stmt->fetch()) {
printf("%s (%s,%s)\n", $name, $countryCode, $district);
}
}
As you see, when using bind_result each time you call fetch the variables $name, $countryCode, $district are automatically populated with the values from the current result row. There are some details that you must ensure, read the documentation for more info.
To answer your other question: you do not need to, and indeed you must not close the connection after each query (unless you know very well what you are doing).
bind_result assigns the variable to which data will be written. And you can keep the connection open. Just make sure you call $stmt->fetch() after $stmt->bind_result($district);
Check out Example #1 here:
http://www.php.net/manual/en/mysqli-stmt.bind-result.php