PHP MySQL: How to get result from prepared statement? [duplicate] - php

This question already has an answer here:
Store_result and get_result for statement
(1 answer)
Closed last year.
$conn = new mysqli(.....);
$param = $_GET['manf'];
$stmt = $conn->prepare('select manf from manf where manf = ?');
$stmt->bind_param('s', $param);
$stmt->execute();
$stmt->store_result();
echo $stmt->num_rows;
$result = $stmt->get_result();
if(!$result){
die(mysql_error());
}
while($row = $result->fetch_assoc()){
echo $row['manf'];
}
echo $stmt->num_rows prints right vaule however I can't get results from while statement. I also tried mysqli::bind_result but didn't work.
How can I fix this?

Try this:
$conn = new mysqli(.....);
$param = $_GET['manf'];
$stmt = $conn->prepare('select manf from manf where manf = ?');
$stmt->bind_param('s', $param);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($result);
echo $stmt->num_rows;
while($stmt->fetch()){
echo $result;
}
$stmt->free_result();
$stmt->close();
for fetching you need to use $stmt->fetch().

Related

Mysql get count with php prepared

I want get count rows in my table. How can I do it?
<?php
require_once "config.php";
$conn = new mysqli($servername, $username, $password, $dbname);
$stmt = $conn->prepare("SELECT COUNT(*) FROM `books`");
$stmt->execute();
$result = $stmt->get_result();
?>
Try this :
$query = "SELECT COUNT(*) FROM books";
$stmt = $conn->prepare($query);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($Count);
$stmt->fetch();
echo "Count: $Count";

Mysqli fetch array not working

I am in the process of making my mysql querys prepared in an attempt to increase security, however I have a problem when I attempt to fetch the results of a prepared statement. I have researched for the cause of the error, however many of the examples use complex code and I do not know how to apply the solution to my code.
The error
mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in
My code
$query = "SELECT cid, user1, user2 FROM convotable
WHERE user1 = ? OR user2 = ? ORDER BY createtime ASC";
$stmt = mysqli_prepare($dbc, $query);
if ($stmt) {
mysqli_stmt_bind_param($stmt, "ii", $user1, $user2);
mysqli_stmt_execute($stmt);
while($row = mysqli_fetch_array($stmt)){
$cid = $row['cid'];
$user1 = $row['user1'];
$user2 = $row['user2'];
}
}
Try this way and set variable that you bind in mysqli_stmt_bind_param()
$query = "SELECT cid, user1, user2 FROM convotable
WHERE user1 = ? OR user2 = ? ORDER BY createtime ASC";
$stmt = mysqli_prepare($dbc, $query);
if ($stmt)
{
mysqli_stmt_bind_param($stmt, "ii", $user1, $user2);
$user1=1; //set variable
$user2=2; //set variable
mysqli_stmt_execute($stmt);
while($row = mysqli_fetch_array($stmt))
{
$cid = $row['cid'];
$user1 = $row['user1'];
$user2 = $row['user2'];
}
}
See for more :http://php.net/manual/en/mysqli-stmt.execute.php
It may not be what you need, but I find using PDO (alternative to mysqli) alot more easy and clear:
<?php
$dsn = 'mysql:host=localhost;dbname=DBNAME;charset=utf8';
$user = 'user';
$pass = 'pass';
$db = new PDO($dsn, $user, $pass);
$user1 = '123';
$user2 = '234';
$query = "SELECT cid, user1, user2 FROM convotable
WHERE user1 = ? OR user2 = ? ORDER BY createtime ASC";
$stmt = $db->prepare($query);
$stmt->bindParam(1, $user1, PDO::PARAM_INT);
$stmt->bindParam(2, $user2, PDO::PARAM_INT);
if (!$stmt->execute()) {
echo 'something went wrong';
die;
}
print_r($stmt->fetchAll());

mysqli prepare - only works when not a function?

That one always returns a false bool:
<?php
function check($username, $db_conx) {
$sql = 'SELECT User_ID FROM tbl_user WHERE Username=?';
$stmt = $db_conx->prepare($sql);
$stmt->bind_param('s', $username);
$stmt->execute();
$ret= $stmt->get_result();
$stmt->close();
$db_conx->close();
$ret = $ret->fetch_row();
return $ret;
}
$usr = "root";
$res = check($u,$db_conx);
echo var_dump($res);
echo $a[0];
?>
I don't get it, they are pretty equal - so what's the error?
That one returns what I expected:
<?php
$usr = 'root';
$sql = "SELECT User_ID FROM tbl_user WHERE Username=?";
$stmt = $db_conx->prepare($sql);
$stmt->bind_param('s', $usr);
$stmt->execute();
$ret = $stmt->get_result();
$stmt->close();
$db_conx->close();
$ret = $ret->fetch_row();
echo var_dump($ret);
echo $ret[0];
?>
I want to recycle it over and over again with the function, but it doesn't seem to work. Is it even possible to set & execute the parameters in a function or have I just made a stupid mistake?

Select statement is not working properly

after i select from the db, i keep getting 0 when it's actually 1
Code:
$username = $_SESSION['username'];
echo $username;
$sql = "SELECT activated FROM members WHERE username = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($emailactivated);
$stmt -> close();
echo $emailactivated;
Echo says 0.. it should be 1, and note : $username isn't empty
You're missing $stmt->fetch()
http://php.net/manual/en/mysqli-stmt.fetch.php
$stmt = $conn->prepare($sql);
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($emailactivated);
$stmt->fetch(); //right here
$stmt -> close();

Catchable fatal error: Object of class PDOStatement could not be converted to string

I am getting the following error when attempting to match values on database with those passed in a form to check if a user exists.
Catchable fatal error: Object of class PDOStatement could not be
converted to string
This is the code I'm using:
//Check users login details
function match_login($username, $password){
//If the button has been clicked get the variables
try{
$dbh = new PDO("mysql:host=localhost;dbname=mjbox","root", "usbw");
} catch( PDOException $e ) {
echo $e->getMessage();
}
$stmt = $dbh->prepare("SELECT * FROM mjbox WHERE username=? AND password=?");
$stmt->bindParam(1, $username);
$stmt->bindParam(2, $password);
$stmt->execute();
$result = mysql_query($stmt);
if( mysql_num_rows($result) > 0 ){
echo 'There is a match!';
}else{
echo 'nooooo';
}
}
mysql_query() and PDO are not compatible and cannot be used together. You're attempting to pass the PDO statement object to mysql_query() which expects a string. Instead, you want to fetch rows from $stmt via one of PDO's fetching methods, or check the number of rows returned with rowCount():
$stmt = $dbh->prepare("SELECT * FROM mjbox WHERE username=? AND password=?");
$stmt->bindParam(1, $username);
$stmt->bindParam(2, $password);
if ($stmt->execute()) {
// get the rowcount
$numrows = $stmt->rowCount();
if ($numrows > 0) {
// match
// Fetch rows
$rowset = $stmt->fetchAll();
}
else {
// no rows
}
}
MySQL and PHP5/PDO don't work well with returning the number of rows. After your new PDO(), issue:
$dbh->setAttribute(PDO::MYSQL_ATTR_FOUND_ROWS, true);
Then issues your query...
$stmt = $dbh->prepare("SELECT * FROM mjbox WHERE username=? AND password=?");
$stmt->bindParam(1, $username);
$stmt->bindParam(2, $password);
$stmt->execute();
// number of rows returned
if($stmt->rowCount()){
// ... matches
}else{
// .. no match
}
Otherwise your rowCount would be either bool 0, or null/throw error.

Categories