I am having getting my query to display results, I have ran the exact same query locally in mySQL and I get the desired result but when it is executed through the following code nothing happens.
$JobID = '3214.GF.010.J45.TEA';
$ProjectID = '3214';
$conn = new mysqli ($server,$username,$password,$dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully <br>";
$stmt = $conn->prepare('Select jmpPartShortDescription, ujmpLevel, ujmpRoom, jmpClosed from Inf_Jobs');
//$stmt->bind_param('ss',$JobID,$ProjectID);
$stmt -> bind_result($Description,$Level,$Room,$Closed);
$stmt -> fetch();
$stmt -> close();
$conn -> close();
echo $Description .$Level .$Room .$Closed;
I cannot understand why I get no results I am getting the Connected Successfully message but no actual values are returned.
You need to execute() a prepared statement to make it do anything.
$stmt = $conn->prepare('Select jmpPartShortDescription, ujmpLevel, ujmpRoom, jmpClosed from Inf_Jobs');
//$stmt->bind_param('ss',$JobID,$ProjectID);
$stmt->execute(); // <- this is what does the work
$stmt -> bind_result($Description,$Level,$Room,$Closed);
$stmt -> fetch();
Related
So i have a very simple function that runs against a MySQL database of users with a few other credentials. I have written several other functions that run similar queries with that work as expected. However currently every time I run a query against my DB i get null result. I have taken the query itself and ran it directly against it(phpmyadmin) and was able to retrieve the desired results.
function getName( $user ){
$con = mysqli_connect('localhost','*****','*****','*****');
if(mysqli_connect_error()){
echo 'Failed to Connect: '. mysqli_connect_error();
die();
}
$stmt = $con->prepare('SELECT firstName,lastName FROM users WHERE user=? LIMIT 1');
$stmt->bind_param('s',$user);
$stmt->execute();
$stmt -> bind_result($fname,$lname);
$stmt->fetch();
$lArr = str_split($lname);
$canName = $fname . ' ' . $lArr[0].'.';
return $canName;
}
I have tried with and without limit just in case. var_dump always shows null. Does anyone know why this would happen?
You forgot to ->fetch() any results from the result set, just binding them to variables is not enough
function getName( $user ){
$con = mysqli_connect('localhost','*****','*****','*****');
if(mysqli_connect_error()){
echo 'Failed to Connect: '. mysqli_connect_error();
die();
}
$stmt = $con->prepare('SELECT firstName,lastName FROM users WHERE user=? LIMIT 1');
$stmt->bind_param('s',$user);
$stmt->execute();
$stmt -> bind_result($fname,$lname);
// now fetch data into the bound variables
$stmt->fetch();
$lArr = str_split($lname);
$canName = $fname . ' ' . $lArr[0].'.';
return $canName;
}
You execute the query but you are not picking up the results (As RiggsFolly was saying). You shout use fetch() of fetchall()
http://php.net/manual/en/pdostatement.fetchall.php
http://php.net/manual/en/pdostatement.fetch.php
I am learning to put data in my database using php mysqli prepared statements. I have the data going into the data base by using this code.
$FirstName=ucwords($_POST['fname']);
$LastName=ucwords($_POST['lname'], "-'");
$Customer=$LastName." ".$FirstName;
$conn = new mysqli($host,$user,$password,$db);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$stmt = $conn->prepare("INSERT INTO customers (FirstName, LastName, Customer) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $FirstName, $LastName, $Customer);
$stmt->execute();
$conn->close();
This is working very well. Especially with hyphenated names or names with an apostrophy such as Pete O'Brian.
Now then while trying to retrieve the information back out of the database I am using the following code.
$conn = new mysqli($host,$user,$password,$db);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$stmt = $conn -> prepare("SELECT Customer, Instrument1 FROM tblinvoice WHERE InvID = ?");
$stmt->bind_param("i", $tempid);
$stmt->execute();
$stmt -> bind_result($cust, $inst);
$stmt -> fetch();
$cust = mysqli_real_escape_string($conn, $cust);
$stmt -> close();
$conn -> close();
BUT the above output O\ for a last name of O'Brian. If I remove the mysqli_real_escape_string($conn, $cust) and just use the bound value of $cust I simply get O instead of O'Brian.
Can anyone tell me what I am not doing or what I am doing wrong here?
always use htmlspecialchars() in content from db that are going to show in html.
echo htmlspecialchars($yourresult['yourfield'], ENT_QUOTES);
We should always use htmlspecialchars when filling HTML form input fields values.
I've gone through quite a number of stackoverflow threads and I simply can't get it right to retrieve the results after preparing a query. I've tried a number of different solutions and none seem to be able to fetch the associative array after I execute the query
$mysqli = new MySQLi('localhost', 'root', '', 'prac2');
$query = $mysqli-> prepare("SELECT * FROM `user` WHERE username=? and password=?");
$query-> bind_param('ii', $username, $password);
if($query-> execute()) {
$query->store_result();
if ($query -> num_rows > 0) {
$result = $mysqli->query($query);
$r = $result -> fetch_array(MYSQLI_ASSOC)['userid'];
$_SESSION['userid'] = $r;
}
}
I've established that sometimes its a case of result containing a boolean for success but I'm still not certain what exactly I'm doing wrong.
UPDATED:
Okay the bind_param works now, but the fetch_assoc keeps giving me the error "Call to a member function fetch_assoc() on a non-object", I even test the result to ensure that it returns true.
$mysqli = new MySQLi('localhost', 'root', '', 'prac2');
$query = $mysqli->prepare("SELECT * FROM user WHERE username=? and password=?");
echo $mysqli->error;
$query-> bind_param('ss', $username, $password);
if($query->execute()) {
$result = $query -> store_result();
if($result) {
while($row = $result -> fetch_assoc()){
echo $row['userid'];
$_SESSION['userid'] = $row['userid'];
}
}
}
Usernames and password are strings and it should be 's' denoting that corresponding variable has type string. I don't see how usernames and passwords are integers. Bind Param Types
$query-> bind_param('ss', $username, $password);
Inside bind_param for string you should use s. I mean try ss instead of ii.
I'm trying to count the rows returned from the database. When i run this code this will give me return of 1 row which contains a username and password but when i try to count the rows it allways give back zero even tho database is actually returning rows.
$row_count =$stmt -> num_rows only returns 0.
$stmt = $mysqli -> prepare
("SELECT username, password FROM members WHERE username=? AND password=?");
$stmt -> bind_param("ss", $username, $password);
$stmt -> execute();
$stmt -> bind_result($returned_username, $returned_password);
$stmt->fetch();
$row_count = $stmt -> num_rows;
echo $row_count;
echo $returned_username;
echo "<br />";
echo $returned_password;
$stmt -> close();
$mysqli ->close();
Use $stmt->store_result(); before getting the num_rows.
More info: http://php.net/manual/en/mysqli-stmt.num-rows.php
Try this:
$stmt = $mysqli -> prepare
("SELECT username, password FROM members WHERE username=? AND password=?");
$stmt -> bind_param("ss", $username, $password);
$stmt -> execute();
$stmt -> store_result(); //You need to store the results first
$stmt -> bind_result($returned_username, $returned_password);
$stmt->fetch();
$row_count = $stmt -> num_rows;
echo $row_count;
echo $returned_username;
echo "<br />";
echo $returned_password;
$stmt -> close();
$mysqli ->close();
This is the code, following (Explanation is afterwards):
<?php
error_reporting(E_ALL);
ini_set('display_errors',1);
$uname = $_POST['uname'];
if($uname!=""){
$mysqli = new mysqli('localhost', 'root', '', 'dota_site_test');
if(mysqli_connect_errno()){
echo("connetion error: " . mysqli_connect_errno());
exit();
}
$stmt = $mysqli->prepare("SELECT Username FROM users WHERE Username=?");
$stmt -> bind_param("s", $uname);
$stmt -> execute();
$stmt -> bind_result($unamecheck);
if($stmt->num_rows > 0){
echo "taken: ";
echo "name is ".$unamecheck;
}else{
echo "free: ";
echo "name is ".$unamecheck;
}
$stmt -> close();
$mysqli -> close();
}
?>
I am not sure where the problem is, but when I am, at the bottom, trying to echo "name is ". $unamecheck;, It is just returning blank. The way this code works is that on every key press the query is run to see if a Username is already present in the database. I have checked my Ajax, and the $uname = $_POST['uname']; is working fine.
In addition, I have ran the query "SELECT Username FROM users WHERE Username=?" within mysql itself, replacing the ? with my username, and that worked fine.
Have I made a mistake with the prepared statement? I am not sure if this is the way it must be done, but I am trying to be careful with SQL injection.
The result of my testing just shows free: name is being echo'd regardless of input. No other error codes are present.
You need to call
$stmt -> fetch();
After
$stmt -> bind_result($unamecheck);
In the prepare query, try to separete the =? from the column name, like this:
SELECT Username FROM users WHERE Username = ?
If this not work, print mysql_error() to verify if there is a mysql error