Updating old mysqli code to new PHP 5.4 - php

I have recently updated the PHP on my server to 5.4 and I was going through my code updating it to match. When I got to the point of upgrading my database queries I began having problems that I cannot solve. Everything worked before and all I have been changing about the SQL is the procedural call function names. For example:
$stmt = mysqli_prepare($mysqli, "SQL query");
now becomes,
$sqlReq = "SQL query";
$stmt = mysqli_stmt_init($mysqli);
mysqli_stmt_prepare($stmt, $sqlReq);
I have gone through many forms of error checking and now know that,
mysqli_stmt_prepare($stmt, $sqlReq);
is returning “false” so I get the error:
Warning: mysqli_stmt_bind_param(): invalid object or resource mysqli_stmt in /file/location/
for the bind parameters. In the code below I have removed the error checking because I know that it will fail any error checking, but I don’t understand why. So what I am asking is, what am I doing wrong with the new mysqli for PHP 5.4?
$mysqli = mysqli_connect('localhost', 'my_user', 'my_password', 'my_db');
$sqlReq = "SELECT * FROM table_name WHERE column_name = ?";
$stmt = mysqli_stmt_init($mysqli);
mysqli_stmt_prepare($stmt, $sqlReq);
mysqli_stmt_bind_param($stmt, "s", $variable0);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
mysqli_stmt_bind_result($stmt, $variable1, $variable2, $variable3);
mysqli_stmt_close($stmt);
mysqli_close($mysqli);

Related

Uncaught Error: Call to undefined method mysqli_stmt::fetchAll()

I have following lines of code to fetch multiple records using PHP 7.3
$query = "Select * from tblorders";
$stmt = $connection->prepare($query);
$stmt->execute();
$result = $stmt->fetchAll();
The last line issues an error.
Error Details
Uncaught Error: Call to undefined method mysqli_stmt::fetchAll()
I can confirm that the connection is not null and has proper connection details.
Am I missing anything?
This is because there is no such function! You are mixing PDO and mysqli.
If you want to fetch all records from a mysqli prepared statement you need to do it in two steps. First, fetch the result set using mysqli_stmt::get_result() and then use mysqli_result::fetch_all().
$query = "Select * from tblorders";
$stmt = $connection->prepare($query);
$stmt->execute();
$resultSet = $stmt->get_result();
$data = $resultSet->fetch_all(MYSQLI_ASSOC);
However, I would strongly advise learning PDO instead of mysqli as it is much easier and offers more options.

PHP MySQL Prepared Statement Doesn't Fetch from View

I finished developing my website on my local PC, and it's working fine. Now, after I moved the PHP scripts and files to my web host directory, I started facing issues, especially with prepared statements.
Briefly, when I execute a prepared statement against a table, it returns a value, but when executing it against a view, it doesn't.
$con = mysqli_connect($a["server"], $a["username"], $a["password"], $a["database"]);
$sql = "SELECT ID FROM table WHERE ALIAS = ?";
$stmt = mysqli_prepare($con,$sql);
mysqli_stmt_bind_param($stmt, "s", $_GET["alias"]);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $id);
mysqli_stmt_fetch($stmt);
mysqli_stmt_close($stmt);
echo "ID: $id";
$id has value, but when I select from view
$sql = "SELECT ID FROM view WHERE ALIAS = ?";
$stmt = mysqli_prepare($con,$sql);
mysqli_stmt_bind_param($stmt, "s", $_GET["alias"]);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $id);
mysqli_stmt_fetch($stmt);
mysqli_stmt_close($stmt);
echo "ID: $id";
$id is empty, and if I select from the view using mysqli_query(), then it gets a value. Can you please help in resolving this issue?
Note: at the beginning I set
mysqli_report(MYSQLI_REPORT_OFF);
Thanks

How to use transactions in php to execute multiple queries but preventing SQL INJECTIONS

I am trying to execute two SQL queries at the same time with mysqli::multi_query and it works. Using this method I am not preventing SQL injections. The multi_query method is not supported for prepared statements, so I searched the Internet for what to do instead. "TRANSACTIONS" was the solution. I wrote my code like this but it doesn't work. None of these queries is executed. I want them to execute at the same time. Can anyone tell me where I am wrong?
<?php
$conn = new mysqli('localhost', 'root', '', 'security');
mysqli_autocommit($conn, FALSE);
$sql = 'update users set name=?,surname=?,nickname=?,rfidcode=? where rfidcode=?';
$sql2="delete from access_rights where users_rfidcode=?";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, 'sssss', $name,$surname,$nickname,$rfid,$rfidcode);
$stmt1 = mysqli_prepare($conn, $sql2);
mysqli_stmt_bind_param($stmt1, 's', $rfidcode);
mysqli_stmt_execute($stmt);
mysqli_stmt_execute($stmt1);
?>
The queries are OK because I have tested them and they work fine. Where can the problem be?
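The two statements from the question, run as prepared statements inside one transaction with an explicit commit and rollback, which is the step the posted code does not contain. This is an added example, not code from the original post: the helper name, the sample values and the connection credentials are assumptions, it uses mysqli_begin_transaction() rather than mysqli_autocommit($conn, FALSE), and it assumes PHP 7+ with InnoDB tables.

```php
<?php
// Added example. Connection details are placeholders; table and column
// names come from the question. Assumes PHP 7+ and InnoDB tables.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw

// Hypothetical helper: update a user and revoke their access rights atomically.
function update_user_and_revoke(mysqli $conn, array $user, string $oldRfid): void
{
    mysqli_begin_transaction($conn);
    try {
        $stmt = mysqli_prepare($conn,
            'UPDATE users SET name=?, surname=?, nickname=?, rfidcode=? WHERE rfidcode=?');
        mysqli_stmt_bind_param($stmt, 'sssss', $user['name'], $user['surname'],
            $user['nickname'], $user['rfid'], $oldRfid);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);

        $stmt = mysqli_prepare($conn, 'DELETE FROM access_rights WHERE users_rfidcode=?');
        mysqli_stmt_bind_param($stmt, 's', $oldRfid);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);

        // Both statements succeeded: make them permanent together.
        mysqli_commit($conn);
    } catch (mysqli_sql_exception $e) {
        // Any failure undoes both statements, then is reported to the caller.
        mysqli_rollback($conn);
        throw $e;
    }
}

$conn = mysqli_connect('localhost', 'my_user', 'my_password', 'security');
// Constructed sample values; in the question these come from the application.
$user = ['name' => 'Ada', 'surname' => 'Example', 'nickname' => 'ada', 'rfid' => 'NEW-RFID-0001'];
update_user_and_revoke($conn, $user, 'OLD-RFID-0001');
mysqli_close($conn);
```

A transaction that is never committed is rolled back when the connection closes, so neither change persists without the mysqli_commit() call.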

Prepared Statement fails when using PHP 5.4

The following statement works perfectly fine under PHP 5.2:
$db = new mysqli($db_host, $db_user, $db_pass, $database);
$sql = $db->prepare('SELECT id, field1, field2, field3 FROM people WHERE email = ? AND pass=?');
$user = strtolower($_POST['user']);
$pass = md5($_POST['pass']);
$sql -> bind_param('ss', $user ,$pass);
$sql -> execute();
$sql -> bind_result($id, $field1, $field2, $field3);
if ($sql -> fetch()) {
...
}
However, after upgrading to PHP 5.4 the fetch() fails and gives the following error:
Attempt to read a row while there is no result set associated with the statement
I couldn't find any hints that something has changed regarding the functions I use and the way I use them. I have seen that there was a change for bind_param using arrays in 5.3, but as I'm not using arrays here, I don't think that I'm affected by this change.

mySQLi Prepared Statement

I have searched through a lot of questions that have been posted by other people and I still can't find what's wrong with my code. There isn't much I could find out there similar to mine, and most of what I found uses the OO method.
I have tried this:
$query = "SELECT * FROM userinfo WHERE (username = '?')";
if($stmt = mysqli_prepare($mysqli, $query))
{
mysqli_stmt_bind_param($stmt, "s", $login_username);
mysqli_stmt_execute($stmt);
}
AND:
$query = "SELECT re_password FROM userinfo WHERE (username = '?')";
if($stmt = mysqli_prepare($mysqli, $query))
{
mysqli_stmt_bind_param($stmt, "s", $login_username);
mysqli_stmt_execute($stmt);
}
And I am still getting this message: mysqli_stmt_bind_param() [function.mysqli-stmt-bind-param]: Number of variables doesn't match number of parameters in prepared statement
I seriously need some big help. I used to work in mySQL and I have no idea how to do things the prepared statement way. Now I'm learning mySQLi by myself and learning how to code using prepared statements at the same time. No matter how I look at the manual I still don't understand.
Also, is there any preference or advantages/disadvantages to code in OO or in procedural method?
Thanks guys!
Try replacing the '?' with ?:
$query = "SELECT * FROM userinfo WHERE username = ?";
if($stmt = mysqli_prepare($mysqli, $query))
{
mysqli_stmt_bind_param($stmt, "s", $login_username);
mysqli_stmt_execute($stmt);
}
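Why the quoted placeholder produces that message, and how to surface the reason when a prepare call returns false (the situation in the first question on this page), shown as an added example that is not part of any of the posts. The helper prepare_checked(), the temporary table contents, the third query and the connection credentials are assumptions made for illustration.

```php
<?php
// Added example; host, credentials and database name are placeholders.
mysqli_report(MYSQLI_REPORT_OFF); // check return values by hand, as the posts do

// Hypothetical helper: prepare $sql and verify the placeholder count
// before anything is bound, so a failure names its real cause.
function prepare_checked(mysqli $db, string $sql, int $expected): mysqli_stmt
{
    $stmt = mysqli_prepare($db, $sql);
    if ($stmt === false) {
        // The server's reason for rejecting the statement text.
        throw new RuntimeException('prepare failed: ' . mysqli_error($db));
    }
    $found = mysqli_stmt_param_count($stmt);
    if ($found !== $expected) {
        mysqli_stmt_close($stmt);
        throw new RuntimeException("expected $expected placeholder(s), server parsed $found");
    }
    return $stmt;
}

$db = mysqli_connect('localhost', 'my_user', 'my_password', 'my_db');
if ($db === false) {
    exit('connect failed: ' . mysqli_connect_error());
}
// Constructed sample data in a temporary table, dropped when the connection closes.
mysqli_query($db, 'CREATE TEMPORARY TABLE userinfo (username VARCHAR(64), re_password VARCHAR(255))');
mysqli_query($db, "INSERT INTO userinfo VALUES ('alice', 'constructed-sample-value')");

$queries = [
    "SELECT re_password FROM userinfo WHERE username = '?'",    // quoted: a string literal
    "SELECT re_password FROM userinfo WHERE username = ?",      // bare: a bound parameter
    "SELECT re_password FROM no_such_table WHERE username = ?", // prepare itself fails
];
$login_username = 'alice';
foreach ($queries as $sql) {
    try {
        $stmt = prepare_checked($db, $sql, 1);
        mysqli_stmt_bind_param($stmt, 's', $login_username);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $re_password);
        echo mysqli_stmt_fetch($stmt) ? "row found\n" : "no row\n";
        mysqli_stmt_close($stmt);
    } catch (RuntimeException $e) {
        echo $e->getMessage(), "\n";
    }
}
mysqli_close($db);
```

Inside quotes the server parses ? as the one-character string '?', so the statement has zero parameters to bind; only the bare ? is sent separately from the SQL text as data.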
