What am I missing?
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
$name = 'Samuel "L" Jackson';
$conn = new mysqli($servername, $username, $password, $dbname);
$stmt = $conn->prepare("INSERT INTO test2 (id, name) VALUES (?,
?)");
$stmt->bind_param("is",'600' , $name);
$stmt->execute();
$stmt->close();
$conn->close();
?>
I'm getting the following error:
Cannot pass parameter 2 by reference in C.... on line ...
bind_param accepts two or more arguments. The first must be a string identifying the data types for the SQL parameters. The rest of the arguments must be variables that can be passed by reference. '600' is a constant, so you cannot pass it by reference.
Just use a temporary variable to work around that limitation, like this:
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
$id = 600;
$name = 'Samuel "L" Jackson';
$conn = new mysqli($servername, $username, $password, $dbname);
$stmt = $conn->prepare("INSERT INTO test2 (id, name) VALUES (?, ?)");
$stmt->bind_param("is", $id, $name);
$stmt->execute();
$stmt->close();
$conn->close();
?>
Related
The below query wont insert to database, I had tried this query on my database so I am quite sure that the query is working. I also added the dbcon.php below.
<?php
require '../api/dbcon.php';
$stmt=$conn->prepare("INSERT INTO joborder (AirCondition,
CarpentryMasonry,
ElectricalWorks,
Plumbing,
Welding,
Campus,
priorityId,
RequestorName,
UserJobDescription,
SerialCode
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)" );
$stmt->bind_param('ssssssssss',
$airConditioning,
$masonryCarpentry,
$electrical,
$plumbing,
$welding,
$campus,
$priority,
$requester,
$userJobDescription,
$serialCode);
$airConditioning = "check";
$masonryCarpentry = "check";
$electrical = "check";
$plumbing = "check";
$welding = "check";
$campus = 'NA';
$priority = '1';
$requester = "m";
$userJobDescription ="test";
//create serial code
$serialCode= "na12321";
?>
dbcon.php
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbtable = "table";
$conn = new mysqli($dbhost, $dbuser, $dbpass, $dbtable);
if(!$conn ){
die('Could not connect: ' . mysqli_error());
}
?>
you're using a bad error reporting mode, and thus need to meticulously check for errors everywhere, but you're not.
on not-dbcon.php on line 4 you're not checking that $conn->prepare succeeded, do that, it returns bool(false) if there was an error. on line 16 you're not checking that $stmt->bind_param succeeded, do that, it returns bool(false) if there was an error. or better yet, don't do that, just convert return-value-error-reporting into exception-error-reporting, by running $conn->report_mode = MYSQLI_REPORT_ALL; immediately after creating the object.
... and most importantly, seems you forgot to run $stmt->execute(), which actually executes the query, which obviously explains why you're not inserting anything.
<?php
$servername = "localhost";
$username = "root";
$password = "123456";
$database = "inventory";
// Create connection
$conn = new mysqli($servername, $username, $password, $database);
$stat = $conn->prepare("INSERT INTO salary (name, salary, job) values (?, ?, ?)");
$name = 'test';
$salary = '21123';
$job = 'demo';
$stat->bind_param($name,$salary, $job );
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// prepare and bind
$stmt = $conn->prepare("INSERT INTO salary (name, salary, job) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
// set parameters and execute
$firstname = "Johnqqq";
$lastname = "123123";
$email = "sdadsad";
$stmt->execute();
echo "New records created successfully";
$stmt->close();
$conn->close();
?>
i want to insert with foreign key resident_id using prepared statement in table_complaints.
here is my picture of :
also i get the $ides = $_POST["resident_id"]; in view page
$servername = "localhost";
$username = "root";
$password = "";
$database = "myDb";
$conn = mysqli_connect($servername, $username, $password, $database);
if(!$conn){
die("Connection Failed: " . mysqli_connect_error());
}
if(isset($_POST["submits"])){
$comp_text = $_POST["comp"];
$complaints = $_POST["complaints"];
$ides =$_POST["resident_id"];
$statementi = mysqli_stmt_init($conn);
mysqli_stmt_prepare($statementi, "INSERT INTO table_complaint (nature_of_complaints, status)
VALUES (?, ?) WHERE resident_id = ?");
mysqli_stmt_bind_param($statementi, "ssi", $comp_text, $complaints);
mysqli_stmt_execute($statementi);
mysqli_stmt_close($statementi);
}
mysqli_close($conn);
Your insert query is incorrect.
You can use this:
INSERT INTO table_complaint (resident_id,nature_of_complaints, status) VALUES (?,?,?)
and then bind the parameters:
mysqli_stmt_bind_param($statementi, "iss", $ides,$comp_text, $complaints);
I wrote a code that protects me from sql injections, but now it doesn't even create users. Here is the my code:
<?php
$user = $_GET['username'];
$pass = $_GET['password'];
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test123";
$conn = new mysqli($servername, $username, $password, $dbname);
function selectInfo($user, $pass){
global $conn;
$stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
$stmt->bind_param("ss", $user, $pass);
$stmt->execute();
$stmt->close();
}
?>
i get no error when executing but it doesn't create users that i need.
Sorry for bad code. Im new at this.
the real reason is you are not calling the function
either do this
<?php
$user = $_GET['username'];
$pass = $_GET['password'];
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test123";
$conn = new mysqli($servername, $username, $password, $dbname);
function selectInfo($user, $pass){
global $conn;
$stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
$stmt->bind_param("ss", $user, $pass);
$stmt->execute();
$stmt->close();
}
selectInfo($user, $pass);
?>
or
<?php
$user = $_GET['username'];
$pass = $_GET['password'];
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test123";
$conn = new mysqli($servername, $username, $password, $dbname);
$stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
$stmt->bind_param("ss", $user, $pass);
$stmt->execute();
$stmt->close();
?>
Am trying to insert multiple rows in to table using php:
<?php
$host = "localhost";
$username = "mysql_username";
$password = "mysql_password";
$dbname = "employee";
$con = mysqli_connect($host, $username, $password, $dbname) or die('Error in Connecting: ' . mysqli_error($con));
$st = mysqli_prepare($con, 'INSERT INTO emp(name, gender, designation) VALUES (?, ?, ?)');
// bind variables to insert query params
mysqli_stmt_bind_param($st, 'sss', $name, $gender, $designation);
for ($x = 0; $x <= 3; $x++) {
$name = 'tom';
$gender = 'male';
$designation = 'developer';
mysqli_execute($st);
}
//close connection
mysqli_close($con);
?>
But the rows that i want to insert are not saved in database. Are there any mistakes in my code ?
Actually I want the for loop from json array, I just test using for loop for knowing it is worked or not.
I think the code is right, but try this:
<?php
$host = "localhost";
$username = "mysql_username";
$password = "mysql_password";
$dbname = "employee";
$con = mysqli_connect($host, $username, $password, $dbname) or die('Error in Connecting: ' . mysqli_error($con));
$st = mysqli_prepare($con, 'INSERT INTO emp(name, gender, designation) VALUES (?, ?, ?)');
for ($x = 0; $x <= 3; $x++) {
$name = 'tom';
$gender = 'male';
$designation = 'developer';
// bind variables to insert query params
mysqli_stmt_bind_param($st, 'sss', $name, $gender, $designation);
mysqli_execute($st);
}
//close connection
mysqli_close($con);
?>
The mysqli_stmt_bind_param($query, 'is',…) means the first value is an integer (i) and the next value is a string (s). Feel free to adjust to best fit your actual data types.
I am getting the following error when attempting to execute a prepared statement using MySQLi.
Any help to determine what I am doing incorrectly would be GREATLY appreciated.
Fatal error: Call to a member function prepare() on a non-object in etc.
I am connecting properly using this statement:
<?php
$DBHost = "localhost";
$DBUser = "xxxxxx";
$DBPass = "xxxxxx";
$DBName = "creati38_chicos";
$dbconn = new mysqli($DBHost, $DBUser, $DBPass, $DBName);
// check connection
if ($dbconn->connect_error) {
//echo $dbconn->connect_error;
die('Sorry, we are having some problems right now. Please check back later.');
}
else{
echo "You have connected Successfully";
}
?>
I am then using this statement:
<?php
if ((isset($_POST["update"])) && ($_POST["update"] == "Update Appliance")) {
$stmt = $mysqli->prepare("UPDATE appliances SET
category = ?,
make = ?,
model = ?,
description = ?,
price = ?
WHERE id = ?");
$stmt->bind_param('ssssdi',
$_POST['category'],
$_POST['make'],
$_POST['model'],
$_POST['description'],
$_POST['price'],
$_POST['id']);
$stmt->execute();
$stmt->close();
}
?>
it's not $mysqli->prepare( in your case it is $dbconn->prepare(
You are doing
$dbconn = new mysqli($DBHost, $DBUser, $DBPass, $DBName);
and using as
$mysqli->prepare()
make both same
Use $dbconn instead of $mysqli
$stmt = $dbconn->prepare("UPDATE appliances SET
category = ?,
make = ?,
model = ?,
description = ?,
price = ?
WHERE id = ?");
$stmt->bind_param('ssssdi',
$_POST['category'],
$_POST['make'],
$_POST['model'],
$_POST['description'],
$_POST['price'],
$_POST['id']);
$stmt->execute();
$stmt->close();
}
?>