I've been having a problem with the prepared statements in MySQLI OOP. The problem is that I don't know how to use the num_rows() method correct.
If I use var_dump to see the result of the variables I will get NULL because there is no data.
$stringMail = trim($_POST['mail']);
/*
.....
*/
$stmt = $mysqli->prepare("SELECT email FROM users WHERE email = ? ");
$stmt->bind_param('s', $stringMail);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($usersMail);
$iaMail = $stmt->num_rows;
$stmt->close();
Sorry for the bad English, I'm Dutch and my English isn't the very best... Thanks for helping!
You don't need it. As you have $usersMail already.
Related
hope someone can help me.
i have a very simple prepared SELECT statment in PHP:
$query_select = ("SELECT * FROM companies where user_name = ? ");
$stmt = $mysqli->prepare($query_select);
$stmt->bind_param("s", $user_name);
$stmt->execute();
$count = $stmt->num_rows;
in companies table I have several rows with the $user_name i`m trying to query. But i still get 0 rows as a result.
The strange thing is that the non PREPARED version works:
$query = 'SELECT * FROM companies WHERE user_name="'.$user_name.'"';
$result = $mysqli->query($query);
$count= $result->num_rows;
echo "Aantal: ".$count;
So my question is, does anyone know why the prepared version returns ZERO and the non prepared version returns the correct number of rows?
Add this line to your code between execute and num_rows statement.
$stmt->store_result();
You have to store it before counting it.
For mysqli prepared statements, you must take an additional step: storing the result.
Try this:
$query_select = ("SELECT * FROM companies where user_name = ? ");
$stmt = $mysqli->prepare($query_select);
$stmt->bind_param("s", $user_name);
$stmt->execute();
$stmt->store_result(); // <-- new line
$count = $stmt->num_rows;
May be you need to bind the result:
/* bind result variables */
$stmt->bind_result($district);
Full example here
I am trying to output the variables that I get from the database in my query but nothing is being returned. Using MYSQLi prepared statements.
Please see code below:
$stmt = $con->prepare("SELECT first_name, last_name FROM transactions WHERE order_id = ?");
$stmt->bind_param('i', $order_id);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($first_name, $last_name);
$stmt->close();
// Output review live to page
echo $first_name;
Where am I going wrong?
You forgot the line to fetch the result. fetch().
Try that:
$stmt->bind_result($first_name, $last_name);
$stmt->fetch(); // ----- > you forget that line to fetch results.
$stmt->close();
I've read everything there is to read about prepared statements and im still not sure about the order of execution... (many use different order).
Is this a good order ?
$sql = 'SELECT * FROM ... WHERE ... = ?';
$conn = ...connection to database...
$stmt = $conn->stmt_init();
$stmt->prepare($sql);
$stmt->bind_param('i', $param);
$stmt->execute();
$stmt->store_result(); // results are cached and accessed from memeory, therefore faster but use more memory
$num_rows = $stmt->num_rows; // how many? (can only be use with store_result() )
$stmt->bind_result($column, ...);
$stmt->fetch(); // use in loop if necessary
$stmt->free_result(); // use only with store_result()
$stmt->close(); // close prepared statement
$conn->close(); // close database
Apparently not.
Although order is quite all right, many operators you have used are superfluous and useless. Also, there should be no connection related code in the context of execution single query.
include 'db.php'; // here goes connect
$sql = 'SELECT * FROM ... WHERE ... = ?';
$stmt->prepare($sql);
$stmt->bind_param('i', $param);
$stmt->execute();
$stmt->bind_result($column, ...);
$stmt->fetch();
is enough. Note that you never need row_count if you have data.
$stmt = $this->_db->prepare("SELECT userid FROM users WHERE login = ? AND md5pass = ?");
#$stmt->bindParam(1, $login, PDO::PARAM_INT);
#$stmt->bindParam(2, $pass, PDO::PARAM_STR);
$stmt->execute(array($login,$pass));
$res = $stmt->fetch(PDO::FETCH_NUM);
Which way is better to transfer variables to prepeared statment bindParam or execute(array)? Both working but what is differense? Only PDO::PARAM checking? For SELECT I think array would be enough and for INSERT I sould use the bindParam. Am I right? Thanks to all. Just learning =)
With bindParam you can add the datatype and also important with bind param you are binding the variables by reference.
I'm quite new at using prepared statements and is wondering if I should close the stmt_init() after each call or could I just keep it open?
$stmt = $mysqli->stmt_init();
if($stmt->prepare("SELECT player_draws, player_turn, player_passes, swapped FROM ".$prefix."_gameplayer WHERE fk_game_id = ? AND fk_player_id = ?")){
$stmt->bind_param('ii', $currgame, $playerid);
$stmt->execute();
$stmt->bind_result($udraws, $uturn, $upass, $uswaps);
$stmt->fetch();
echo $udraws.'-'.$uturn.'-'.$upass.'-'.$uswaps.'<br>';
// Close statement object
$stmt->close();
}
$stmt = $mysqli->stmt_init();
if($stmt->prepare("SELECT player_draws, player_turn, player_passes, swapped FROM ".$prefix."_gameplayer WHERE fk_game_id = ? AND fk_player_id != ?")){
$stmt->bind_param('ii', $currgame, $playerid);
$stmt->execute();
$stmt->bind_result($odraws, $oturn, $opass, $oswaps);
$stmt->fetch();
echo $odraws.'-'.$oturn.'-'.$opass.'-'.$oswaps.'<br>';
// Close statement object
$stmt->close();
}
Is one of them better for the database considering calls?
Thanks in advance!
...A prepared statement or a parameterized statement is used to execute the same statement repeatedly with high efficiency...
EDIT
Since the queries are different each of them will need to be prepared separately but you should be able to reuse the $mysqli->stmt_init();
On a side note someone mentions this in the comments:
*if you are repeating an statement in an loop using bind_param and so on inside it for a larger operation. i thougt id would be good to clean it with stmt->close. but it broke always with an error after aprox. 250 operations . As i tried it with stmt->reset it worked for me.*