This question already has answers here:
What is the difference between bindParam and bindValue?
(7 answers)
Closed 7 years ago.
This is my php code:
public function update($table,$fields_and_values,$condition_field,$condition_field_value)
{
$query="UPDATE $table SET ";
foreach($fields_and_values as $field=>$value) $query.=($field."=:".$field." ,");
$query.=" ";
$query=str_replace(", "," WHERE ",$query);
$query.=($condition_field."='".$condition_field_value."'");
echo $query;
$stmt=$this->conn->prepare($query);
foreach($fields_and_values as $field=>$value) $stmt->bindParam(":".$field,$value);
$stmt->execute();
}
and this is how i call the function in my class:
$db=new db_connection('localhost','root','','maps');
$db->connect();
$arr=array('username'=>'testfromnewclass3','password'=>'123456');
$db->update('users',$arr,'username','term');
$db->disconnect();
It doesn't matter what the other functions like disconnect do! They work correctly.
My problem is that when this command executes, both username and password become 123456 !
And this is what i get from that echo $query:
UPDATE users SET username=:username ,password=:password WHERE username='term'
Is something wrong with my function? and if so how can i fix it?
Use $stmt->bindValue($field, $value);
instead of $stmt->bindParam(":".$field,$value);
Check this to understand difference between PDOStatement::bindParam() and PDOStatement::bindValue()
Related
This question already has an answer here:
Call to undefined method PDO::execute()
(1 answer)
Closed 5 years ago.
I am new to php mysqli ect and i have done my best to arrange a prepeared statement function to no avail. All i get is the following Error.
Call to undefined method PDO::execute()
I donnot understand why this is happening.
The values are being passed and echo'd but i still get this error.
It does not retrieve data from database either as error is called before doing so.
Can anybody see from the code what the problem is.. iv searched about on the net ect. and the closest i got what about checking the Isset of the inputs, but i had allready done this so thats not the issue.
im baffled.
Thanks for any advice... Its probly really simple. But so am i.
<?php
//include('conect.php')
$dbh = new PDO("mysql:host=localhost;dbname=classifieds", 'root', '');
$type=$_POST['type'];
$price=$_POST['price'];
if (isset($type) && isset($price)) {
echo $type;
echo $price;
$dbh->prepare('SELECT * FROM testdata WHERE type=? AND price=?');
$stm = $dbh->execute(array($type, $price));
if(($row = $stm->fetchObject())) {
$type=$row['type'];
$price=$row['price'];
echo $type;
echo $price;
} else
{ echo "none recieved"; }
} else
{echo "invalid"; }
?>
You have to assign $dbh->prepare('SELECT * FROM testdata WHERE type=? AND price=?'); to a variable and then call execute() method on it.
Example:
$smth = $dbh->prepare('SELECT * FROM testdata WHERE type=? AND price=?');
$result = $smth->execute(array($type, $price));
That's because PDO doesn't have execute method but PDOStatement object resolved from prepare method does.
This question already has answers here:
Reference: What is variable scope, which variables are accessible from where and what are "undefined variable" errors?
(3 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 5 years ago.
So I have the following code which is used to add a row to the respondent table, all working except when trying to add the value in of Brand:
$brand = 'Central';
function new_respondent() {
global $link;
$proc = mysqli_prepare($link, "INSERT INTO trespondent (brand, code) VALUES (?, uuid());");
mysqli_stmt_bind_param($proc, "s", $brand);
mysqli_stmt_execute($proc);
$respondent_id = mysqli_insert_id($link);
mysqli_stmt_fetch($proc);
mysqli_stmt_close($proc);
mysqli_clean_connection($link);
}
This code works (to a point) adds a row in the table and adds in the UUID no problems but brand is going in as NULL - I'm trying to work out if I am missing something very obvious here!
Any and all suggestion welcome.
You need to add $brand to your global, since it's outside of the function:
global $link, $brand;
Alternatively, you can modify your function to accept $brand as parameter:
function new_respondent($brand) {
...
}
This question already has answers here:
How can I bind an array of strings with a mysqli prepared statement?
(7 answers)
Closed 2 years ago.
I've been trying to figure this out.
$insertSql = 'INSERT INTO table (id,date,name,numFarts) VALUES (?,?,?,?)';
$values = (1,'0000-00-00 00:00:00','Bob',5);
$bind_param_str = ('issi');
if ($stmt = $db->prepare ($insertSql)) { // $inserSql is a pre-writted sql insert
$stmt->bind_param($bind_param_str,$values);
$stmt->execute();
$stmt->close();
}
This doesn't work, but I can't think of any other way to pass $values into bind_param()
Any ideas?
For any function that you need to pass an array as the argument/s you can use call_user_func_array.
In this example:
array_unshift($values,$bind_param_str);
call_user_func_array(array($stmt,'bind_param'),$values);
Don't ask me why you need array($stmt,'bind_param') instead of $stmt->bind_param. Has something to do with the syntax of -> I'm sure.
The clean solution (PHP5.6+) :
$stmt->bind_param($bind_param_str, ...$values);
This question already has answers here:
How do you debug PHP scripts? [closed]
(30 answers)
Closed 9 years ago.
i know this must be only a small bug, but i cant find it.
My function:
function del_mysql($table,$id)
{
$id = $_GET['id'];
$exec = mysqli_query($con, "delete from $table where id = '$id'");
return $exec;
}
in Code:
if ($_GET['action'] == 'delete')
{
del_mysql("awsome","$id");
}
if make in function:
$id = $_GET['id'];
echo $table;
echo $id;
i get right table and id.
Somebody see the bug?
I removed already the $exec and return part and leave only mysqli_query command. but dont want to work.
The problem is that in your del_mysql function, you are referencing the connection object $con, which does not exist in the scope of the function. Either pass it into the function as a parameter like this:
function del_mysql($table, $id, $con) {
or access it as a global variable like this:
function del_mysql($table, $id) {
global $con;
I hope that helps.
Regards,
Ralfe
This question already has answers here:
Reference: What is variable scope, which variables are accessible from where and what are "undefined variable" errors?
(3 answers)
Closed 9 years ago.
The following function is not working and i cannot see why.
function nuevoContacto($_POST) {
try {
include('func/usarBases.php');
$mensaje="INSERT INTO `t_contactos`(`id_c`, `nombre`, `telefono`, `telefono2`, `corto`, `celular1`, `celular2`, `email`, `puesto`, `id_a`) VALUES (NULL,'$_POST[nombre]','$_POST[tel1]','$_POST[tel2]','$_POST[corto]','$_POST[cel1]','$_POST[cel2]','$_POST[email]','$_POST[puesto]','$_POST[id_a]')";
$hacerConsulta = $base->prepare($mensaje);
$hacerConsulta->execute();
}
catch( PDOException $e) {
echo "<p>Error Connection: " .$e->getMessage()."</p>";
}
$hacerConsulta=null;
}
Once it is called the code breaks and nothing further is executed.
but when you use it inside the main code it works
Sorry i reedited the source and then is still not working, in the include usarBases.php is the conector pdo called $base
What it have to be
function nuevoContacto($base)
{
$sql = "INSERT INTO t_contactos VALUES (NULL,?,?,?,?,?,?,?,?,?)";
$data = array(
$_POST['nombre'],
$_POST['tel1'],
$_POST['tel2'],
$_POST['corto'],
$_POST['cel1'],
$_POST['cel2'],
$_POST['email'],
$_POST['puesto'],
$_POST['id_a']
);
$stmt = $base->prepare($sql);
$stmt->execute($data);
}
have to be called with $base as a parameter instead of $_POST
You're lacking a database connection in your function. Add the following to the very beginning of your function:
global $base;
When you add global $base to your function you'll be able to use it within your function without having to re-write the whole thing.
Unrelated note, but worth mentioning.
You are open to SQL injections and you're not using prepared statements as you should. You should be using placeholders and binding them later instead of passing they directly into your query.
And a tip for next time:
State in your question what isn't working. What your expectation is and what actually happens.