This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 9 years ago.
Please help me, I can't using bindValue() in PDOStatement.
$statement = self::$dbConn->prepare("SELECT * FROM :tableDB WHERE id = :id");
$statement->bindValue(":id", $id, PDO::PARAM_INT);
$statement->bindValue(":tableDB", $tableDB, PDO::PARAM_STR);
$statement->execute();
$statement->setFetchMode(PDO::FETCH_ASSOC);
$result = $statement->fetchAll();
When i run this script.
$statement = self::$dbConn->prepare("SELECT * FROM :tableDB WHERE id = :id");
$statement->bindValue(":id", $id, PDO::PARAM_INT); // Return true
$statement->bindValue(":tableDB", $tableDB, PDO::PARAM_STR); // Return true
But when run to:
$statement->execute(); // Return false.
You're binding table name. You cannot do that.
Use the table name directly in the query as follows:
$statement = self::$dbConn->prepare("SELECT * FROM table_name WHERE id = :id");
$statement->bindValue(":id", $id, PDO::PARAM_INT);
// $statement->bindValue(":tableDB", $tableDB, PDO::PARAM_STR); <-- Remove this line
Update: Replaced query to use table name instead of variable.
Related
This question already has answers here:
How to convert PDO to mysqli?
(2 answers)
Closed 3 years ago.
I want to convert PDO code to mysqli and having some problem. I'm still new at this and I really don't understand PDO completely.
$query = "INSERT INTO gender(gender) VALUES (:gender)";
$statement = $conn->prepare($query);
$statement->execute(array('gender' => $_POST["gender"]));
$count = $statement->rowCount();
This is far I got.
$statement = $db->prepare ($query);;
$statement = array('gender' => $_POST["gender"]);
$count=mysqli_num_rows($query);
$statement = mysqli_fetch_array ($query);
Try this version:
$query = "INSERT INTO gender(gender) VALUES (?)";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("s", $_POST["gender"]);
$stmt->execute();
$stmt->close();
You need to use the bind_param() function to bind parameters to your mysqli statement. Note that mysqli, unlike PDO, does not support named parameters. Instead, just use ? as a placeholder to which you bind your actual value later on.
This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 7 years ago.
I have a Query like this in my PDO statement:
SELECT * FROM table WHERE ? = ? ORDER BY id DESC
I wanted to bind column name to first ? and the value to second ? (column = value)
I tried many things such as below, but they all fail or return empty array (when there should be result)
This returns empty array
$query = "SELECT * FROM table WHERE ? = ? ORDER BY id DESC"
$db->prepare($query);
$stmt->bindValue(1, $column, PDO::PARAM_STR);
$stmt->bindValue(2, $value, PDO::PARAM_STR);
and this one displays an error
$query = "SELECT * FROM table WHERE column = :value ORDER BY id DESC"
$db->prepare($query);
$stmt->bindColumn('column', $column);
$stmt->bindValue(':value', $value, PDO::PARAM_STR);
Column is variable, so i had to bind it and can't put it in query directly.
What am I doing wrong here? I tried many things but no luck...
Please note that I know how to bind values if column is static, my issue is when column is also variable like above.
It should be bindParam, but you can execute it with an array inside too that's the way I do it:
$query = $db->prepare( 'SELECT * FROM table WHERE column=\':value\' ORDER BY id DESC' );
$query->execute(array(
':value' => $value
));
This question already has answers here:
Error when preparing a multiple insert query
(5 answers)
Closed 4 years ago.
I know this problem came multiple times, but i cannot find the mistake in my code. In my update-branch every $stmt->bindValue(...) returns TRUE, but i catch the pdo exception
SQLSTATE[HY093]: Invalid parameter number: parameter was not defined
Inserting a new entry works fine.
In my mysql-database the structure of table 'system' is:
id -> int(11), primary key
computer_name -> varchar(255)
cpu_speed -> int(11)
ram_size -> int(11)
mac_address -> varchar(255)
operating_system -> varchar(255)
My error-throwing code:
// Search for mac_address.
// If an entry with the same MAC exists update the entry.
// Else, create a new entry
$stmt = $pdo->prepare("SELECT * FROM system WHERE mac_address=:mac");
$stmt->bindValue(":mac", $mac_address, PDO::PARAM_STR);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
// If no rows are returned, no entry exists => create a new one
if(empty($rows))
{
// Prepare statement
$stmt = $pdo->prepare("INSERT INTO
system(`computer_name`,`cpu_speed`,`ram_size`,`mac_address`, `operating_system`)
VALUES(:computer_name, :cpu_speed, :ram_size, :mac_address, :operating_system)");
$stmt->bindValue(":computer_name", $computer_name, PDO::PARAM_STR);
$stmt->bindValue(":cpu_speed", $cpu_speed, PDO::PARAM_INT);
$stmt->bindValue(":ram_size", $ram_size, PDO::PARAM_INT);
$stmt->bindValue(":mac_address", $mac_address, PDO::PARAM_STR);
$stmt->bindValue(":operating_system", $operating_system, PDO::PARAM_STR);
}
else // Update existing entry
{
//computer_name cpu_speed ram_size mac_address operating_system
$stmt = $pdo->prepare("UPDATE system
SET computer_name=:computer_name,
cpu_speed=:cpu_speed,
ram_size=:ram_size,
operating_system=:operating_sytem,
mac_address=:mac_address_in
WHERE mac_address=:mac_address_query");
echo$stmt->bindValue(":computer_name", $computer_name, PDO::PARAM_STR);
echo$stmt->bindValue(":cpu_speed", $cpu_speed, PDO::PARAM_INT);
echo$stmt->bindValue(":ram_size", $ram_size, PDO::PARAM_INT);
echo$stmt->bindValue(":mac_address_in", $mac_address, PDO::PARAM_STR);
echo$stmt->bindValue(":operating_system", $operating_system, PDO::PARAM_STR);
echo$stmt->bindValue(":mac_address_query", $mac_address, PDO::PARAM_STR);
}
// Execute the command
$stmt->execute();
SQLSTATE[HY093]: Invalid parameter number: parameter was not defined
This mean that you have a parameter that is not defined. It's seams that you have error here operating_system=:operating_sytem, may be it should be operating_system=:operating_system, . This make one missing parameter because it is not set here because you have misspelled a word. Please try to check every word in you prepare statement and the corresponding bindValue.
$stmt = $connection->prepare("SELECT id FROM articles WHERE position =? LIMIT 1");
$stmt-> bind_param('i',$call );
$stmt->execute();
$result = $stmt->fetch();
$oldpostid = $result;
$stmt->close();
I don't see anything wrong with it, but it is returning 1 or nothing. $call is set and integer. I tried this too:
$stmt = $connection->prepare("SELECT * FROM articles WHERE position =? LIMIT 1");
$oldpostid = $result['id'];
Assuming this is all working you need to bind the result variables as well. mysqli_stmt_fetch returns a boolean:
$stmt->execute();
$stmt->bind_result($id);
$stmt->fetch();
$oldpostid = $id;
You seem to be mixing mysqli & PDO. The first line is PDO
$stmt = $connection->prepare("SELECT id FROM articles WHERE position =? LIMIT 1");
The next line is mysqli
$stmt-> bind_param('i',$call );
Should be for PDO the unnamed variables in place holder Manual Example 4
$stmt-> bindParam(1,$call );
$stmt->execute();
OR using array
$stmt->execute(array($call));
I have two stored procedures in my database Postgres, both have the same name but the difference are the parameters.
procedure1(::string, ::integer, ::string, ::integer)
procedure1(::string, ::integer, ::integer)
In PDO doing bindParam correct, is coming STR, INT, INT but the prepere always performs procedure1.
How do I get him to understand what I call the procedure2?
Some information for more help? I clear? thanks
EDIT ===
...
$bounds = null; // forced for debug
if(!is_null($bounds)){
$query = "SELECT procedure1(:name, :domain, :geo, :userid)";
$stmt = $db->prepare($query);
$stmt->bindParam('name', $name, PDO::PARAM_STR);
$stmt->bindParam('domain', $idDomain, PDO::PARAM_INT);
$stmt->bindParam('geo', $geoString, PDO::PARAM_STR);
$stmt->bindParam('userid', $userId, PDO::PARAM_INT);
}else{
$query = "SELECT procedure1(:name, :domain, :userid)";
$stmt = $db->prepare($query);
$stmt->bindParam('name', $name, PDO::PARAM_STR);
$stmt->bindParam('domain', $idDomain, PDO::PARAM_INT);
$stmt->bindParam('userid', $userId, PDO::PARAM_INT);
}
$result = $stmt->execute();
...
The error it gives is that he is running a procedure that requires four parameters
Try changing your $query statements to explicitly tell PDO the types, and to avoid extra code switch to bindValue (PDO uses the PARAM flags to format SQL, not to cast data types):
$bounds = null; // forced for debug
if(!is_null($bounds)){
$query = "SELECT procedure1(:name::VARCHAR, :domain::INTEGER, :geo::VARCHAR, :userid::INTEGER)";
$stmt = $db->prepare($query);
$stmt->bindValue('name', $name);
$stmt->bindValue('domain', $idDomain);
$stmt->bindValue('geo', $geoString);
$stmt->bindValue('userid', $userId);
}else{
$query = "SELECT procedure1(:name::VARCHAR, :domain::INTEGER, :userid::INTEGER)";
$stmt = $db->prepare($query);
$stmt->bindValue('name', $name);
$stmt->bindValue('domain', $idDomain);
$stmt->bindValue('userid', $userId);
}
$result = $stmt->execute();