We Keep Coding

not able to select the row where the last inserted id is [Mysql, php pdo oop] [duplicate]

This question already has answers here:
How to include a PHP variable inside a MySQL statement
(5 answers)
Closed 2 years ago.
i'm facing this Problem when i try to select the last inserted id from Mysql table, i get the value = bool(true) instead of the values.
What i'm trying to do:
if (isset($_POST['submit'])){
if (isset($_POST['paName']) && isset($_POST['paEmail']) && isset($_POST['paTel']) && isset($_POST['aName']) && isset($_POST['Artnum'])){
if (!empty($_POST['paName']) && !empty($_POST['paEmail']) && !empty($_POST['paTel']) && !empty($_POST['aName']) && !empty($_POST['Artnum'])){
$paName = $_POST['paName'];
$paEmail = $_POST['paEmail'];
$paTel = $_POST['paTel'];
$aName = $_POST['aName'];
$Artnum = $_POST['Artnum'];
$query = "INSERT INTO crud (paName,paEmail,paTel,aName,Artnum) VALUES ('$paName','$paEmail','$paTel','$aName','$Artnum')";
if ($sql = $this->conn->exec($query)){
$id = $this->conn->lastInsertId();
$query = "SELECT * FROM crud WHERE id = '".$id."'";
$stmt=$this->conn->prepare($query);
$stmt->execute();
var_dump($stmt->execute());die();
}
but if i do the same without conditions, i get all values from the table , so that's mean my condition is wrong.
can you tell me please what i'm doing wrong ?

It seems like you are missing $this->conn->prepare() in first query. You can try this example :
lastInsertId() only work after the INSERT query.
Correct:
$stmt = $this->conn->prepare("INSERT INTO crud (paName,paEmail,paTel,aName,Artnum)
VALUES(?,?,?,?,?);");
$sonuc = $stmt->execute([$paName,$paEmail,$paTel,$aName,$Artnum]);
$LAST_ID = $this->conn->lastInsertId();
Incorrect:
$stmt = "INSERT INTO crud (paName,paEmail,paTel,aName,Artnum) VALUES ('$paName','$paEmail','$paTel','$aName','$Artnum')";
$sonuc = $this->conn->execute($stmt);
$LAST_ID = $this->conn->lastInsertId(); //always return string(1)=0

Why does the following SELECT statement not run? [duplicate]

This question already has answers here:
How to include a PHP variable inside a MySQL statement
(5 answers)
Closed 3 years ago.
The following code intends to select a value from a table in a
database, use the selected value to change a variable, and then add
that variable to another table in the database. However, I cannot
figure out why it doesn't work - the $entry query runs, but the
application doesn't recognize the $sql query for some reason. Can
anyone help me, please?
$sql = "SELECT calories FROM food WHERE name = $food";
$result = $conn->query($sql);
if ($serving_size == 'Plate'){
$calories = $amount * $result;
}
if ($serving_size == 'Bowl'){
$calories = $amount * $result * 2/3;
}
$entry = $conn->prepare("INSERT INTO data (`Food/Exercise`, `Quantity`, `Calories_Burned_or_Consumed`, `Number_of_Calories`) VALUES (?, ?, ?, ?)");
$entry->bind_param("sssi", $food, $quantity, $consumed, $calories);
if($entry->execute()){
echo 'Inserted';
} else {
echo 'Not Inserted';
}

Is $food actually defined, and is it quoted? If there are no quotes around the string it will be considered a column name here and the query will not match anything.
This query actually is prone to SQL injections, params should be used just like you do below.

Prepare select statement in php [duplicate]

This question already has answers here:
Can I bind an array to an IN() condition in a PDO query?
(23 answers)
MySQLi Bind Param with an array for IN [duplicate]
(2 answers)
Closed 5 years ago.
I can not figure out how I can prepare my select statement.
$query = "SELECT name, art FROM table_one WHERE name LIKE ? AND art IN ?";
if ($stmt = $db_link->prepare($query)) {
$stmt->bind_param("ss", $name, $art);
$stmt->execute();
if ($stmt->errno){
//Deal with error
}
$name = "%Marc%";
$art = "('green', 'blue', 'red')";
$stmt->execute();
$stmt->bind_result($name, $art);
while ($stmt->fetch()){
//Output data
}
}
So the problem is, that something does not work with the syntax in the prepared statement. This is my first attempt at preparing statements.
I had the query working before without using a prepared statement, but I am forced to use that now.
The old query looked like this:
$query = "SELECT name, art FROM table_one WHERE name LIKE '%$name%' AND art IN ('$art')";
Thank you for your help.

Fetch COUNT DISTINCT data with prepared statements [duplicate]

This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 5 years ago.
I have this code to get a COUNT DISTINCT data:
$param = 'email';
$stmt = $conn->stmt_init();
$stmt = $conn->prepare("SELECT COUNT(DISTINCT(?)) FROM contatos");
$stmt->bind_param('s',$param);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($count);
while ($stmt->fetch()) {
echo $count;
}
But echo $count always returns 1, but i have dozens of records...
What is wrong?
Thanks

Binding is not allowed for column names (or table names). Your query is not executing correctly. You need to directly pass the name of the field.
$stmt = $conn->prepare("SELECT COUNT(DISTINCT(email)) FROM contatos");

Issue using grammar with PDO [duplicate]

This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 9 years ago.
Have a minor issue when updating records in MySQL using PDO. It fails to update when I use grammar so for an example, if I use: ' it fails me. I am using my prepare, but it's just the apostrophe that fails to work?
if($_POST['ourstory']) {
foreach($_POST['ourstory'] as $id => $ourstory) {
$sql = "UPDATE our_story SET content = '$ourstory' WHERE id = '$id'";
$q = $db->prepare($sql);
$q->execute(array($id,$ourstory));
}
}

That's not how you use prepared statements. You want to use a ? in your query.
$sql = "UPDATE our_story SET content = ? WHERE id = ?";
$q = $db->prepare($sql);
$q->execute(array($ourstory, $id));