passing user object to function and then to prepared stament (PHP) - php

I'm fairly new to PHP, and I'm working with mysqli, OOP and prepared statements.
My question is this:
I'm trying to pass an user(object) to an Insert_user(func) in my database(class).
I have 3 classes, 'logic', 'data' and 'index'. Index includes data and logic, and initiates
the connection and user.
In my function (insert_user), I'm using an array to pass user variables into, before
binding and executing my statement.
Hers is my code:
<?php
function insert_user($user) {
$query = "INSERT INTO user VALUES (?,?,?,?,?,?,?,?,?,?)";
$binding = 'issssiisss';
$variables = array( $user->user_id, $user->f_name, $user->l_name, $user->address, $user->city, $user->zipcode, $user->mobile_number, $user->mail, $user->pass_key, $user->pass_word);
$stmt = $this->mysqli->prepare($query);
$stmt->bind_param($binding,$variables[0],$variables[1],$variables[2],$variables[3],$variables[4],$variables[5],$variables[6],$variables[7],$variables[8],$variables[9]);
$stmt->execute();
}
?>
Here is my var_dump from browser:
object(user)#1 (10) { ["user_id"]=> int(1) ["f_name"]=> string(5) "pelle" ["l_name"]=> string(5) "kanin" ["address"]=> string(7) "vænget" ["city"]=> string(6) "aaaaaa" ["zipcode"]=> int(123) ["mobile_number"]=> int(123) ["mail"]=> string(4) "fedt" ["pass_key"]=> string(3) "ert" ["pass_word"]=> string(4) "erto" }
string(10) "issssiisss"
array(10) { [0]=> int(1) [1]=> string(5) "pelle" [2]=> string(5) "kanin" [3]=> string(7) "vænget" [4]=> string(6) "aaaaaa" [5]=> int(123) [6]=> int(123) [7]=> string(4) "fedt" [8]=> string(3) "ert" [9]=> string(4) "erto" }
object(mysqli_stmt)#4 (10) { ["affected_rows"]=> int(-1) ["insert_id"]=> int(0) ["num_rows"]=> int(0) ["param_count"]=> int(10) ["field_count"]=> int(0) ["errno"]=> int(0) ["error"]=> string(0) "" ["error_list"]=> array(0) { } ["sqlstate"]=> string(5) "00000" ["id"]=> int(1) }
What am i doing wrong!?
Thank you.
EDIT: The problem is inserting the data into the database. It simply doesn't work. When i execute no data is put in.
I think the problem lies with the $stmt->bind_param function, and inserting the data from the array.
param_count = 10 and field_count = 0!
EDIT !2!:
OK. So, it actually works! what i did wrong was specify a integer value in my user_id, i.e. when i created the user. My database uses AUTO.INCREMENT on that value, and therefore it didn't work..
Anyways, thanks for the answer. G'day!

Check if you have any errors when after each mysqli statement to isolate the error:
$stmt = $this->mysqli->prepare($query);
if ( false===$stmt ) {
die('prepare() failed: ' . htmlspecialchars($mysqli->error));
}
$stmtBindResult = $stmt->bind_param($binding,$variables[0],$variables[1],$variables[2],$variables[3],$variables[4],$variables[5],$variables[6],$variables[7],$variables[8],$variables[9]);
if ( false===$stmtBindResult ) {
die('bind_param() failed: ' . htmlspecialchars($stmt->error));
}
$stmtExecuteResult = $stmt->execute();
if ( false===$stmtExecuteResult ) {
die('execute() failed: ' . htmlspecialchars($stmt->error));
}
else you can use basic PDO. I would use PDO insert with following basic function:
$Query = "INSERT INTO user VALUES (?,?,?,?,?,?,?,?,?,?)";
$Params = array($variables[0],$variables[1],$variables[2],$variables[3],$variables[4],$variables[5],$variables[6],$variables[7],$variables[8],$variables[9]);
$InsertResult = PDOInsert($Query, $Params);
function PDOInsert($Query, $Parameters)
{
try
{
$PDOConnection = new PDO('mysql:host='.DB_HOST.';dbname='.DB_NAME.'', DB_USER, DB_PASS);
$PDOConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$Statement = $PDOConnection->prepare($Query);
foreach ($Parameters as $Key => $Val)
$Statement->bindValue($Key+1, $Val);
$Statement->execute();
$PDOConnection = null;
return true;
}
catch(PDOException $e)
{
die('ERROR: ' . $e->getMessage());
return false;
}
}

Related

SQL Update table (Azure with PHP)

somehow i must make a mistake somewhere and can't seem to find the correct solution, must be doing something wrong. I want to update my Azure SQL table called Celebrity from a PHP page and it doesn't update. Can you pls help me or tell me what i am doing wrong
<?php
try {
$conn = new PDO( "sqlsrv:Server= $host ; Database = $db ", $user, $pwd);
$conn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
}
catch(Exception $e){
die(var_dump($e));
}
if(!empty($_POST)) {
try {
$FirstName = $_POST['FirstName'];
$LastName = $_POST['LastName'];
$id = $_POST['id_celebrity'];
$sql_update = "UPDATE
Celebrity
SET
(FirstName, LastName)
VALUES
(?,?)
WHERE
id_celebrity='$id'";
$stmt = $conn->prepare($sql_update);
$stmt->bindValue(1, $FirstName);
$stmt->bindValue(2, $LastName);
$stmt->execute();
}
catch(Exception $e) {
die(var_dump($e));
}
echo "Celebrity Updated in DB!";
}
?>
Here is the instruction in use and this is what i get back from the AZURE server:
object(PDOException)#3 (8) { ["message":protected]=> string(97) "SQLSTATE[42000]: [Microsoft][SQL Server Native Client 11.0][SQL Server]Incorrect syntax near '('." ["string":"Exception":private]=> string(0) "" ["code":protected]=> string(5) "42000" ["file":protected]=> string(62) "D:\home\site\wwwroot\CelebrityOverview\CelebrityEditResult.php" ["line":protected]=> int(57) ["trace":"Exception":private]=> array(1) { [0]=> array(6) { ["file"]=> string(62) "D:\home\site\wwwroot\CelebrityOverview\CelebrityEditResult.php" ["line"]=> int(57) ["function"]=> string(7) "execute" ["class"]=> string(12) "PDOStatement" ["type"]=> string(2) "->" ["args"]=> array(0) { } } } ["previous":"Exception":private]=> NULL ["errorInfo"]=> array(3) { [0]=> string(5) "42000" [1]=> int(102) [2]=> string(80) "[Microsoft][SQL Server Native Client 11.0][SQL Server]Incorrect syntax near '('." } }
Try this instead:
$sql_update = "UPDATE Celebrity
SET FirstName = ?, LastName = ?
WHERE id_celebrity='$id'";
Assigning each column a value with a comma in between, UPDATE markup is not same as INSERT.

php mysqli fetch result always returning 1

this is code i am trying to work with. i am checking number of total row in a table(how many people registered). my output don't have any error or so, i dont know what am i doing wrong. same thing was working yesterday. god knows what happened now
$query = "SELECT count(*) FROM team";
$result = $db->prepare($query);
$result->execute();
$number= $result->fetch();
print_r($number);
var_dump($result);
OUTPUT:
1
object(mysqli_stmt)#2 (10) { ["affected_rows"]=> int(-1) ["insert_id"]=> int(0) ["num_rows"]=> int(0) ["param_count"]=> int(0) ["field_count"]=> int(1) ["errno"]=> int(0) ["error"]=> string(0) "" ["error_list"]=> array(0) { } ["sqlstate"]=> string(5) "00000" ["id"]=> int(1) }
You could do the following:
$query = "SELECT count(1) FROM team";
if($stmt = $db->prepare($query)){
$stmt->execute();
$stmt->bind_result($number);
$stmt->fetch();
$stmt->free_result();
$stmt->close();
}
echo $number;
or
$query = "SELECT * FROM team";
if($stmt = $db->prepare($query)){
$stmt->execute();
$stmt->store_result();
$number = $stmt->num_rows;
$stmt->free_result();
$stmt->close();
}
echo $number;

PHP mysqli executes thousands of queries on fetch()

I'm trying to figure a mysqli DB connection in PHP. The problem is everytime I try to fetch the result, literally thousands of queries are executed, and MySQL server and/or browser dies.
Here is the code I use:
$resultQuery = $this->db->prepare($query_id);
var_dump($this->db);
var_dump($resultQuery);
$resultQuery->execute();
//$result = $resultQuery->dbStatement->fetch();
$resultQuery->close();
return $result;
If I uncomment the row with the fetch method, everything goes nuts...
Here is the result of var_dumb's used in the code above:
query:
string(69) " SELECT userid, fname, lname FROM users WHERE finished=0 "
db object:
object(mysqli)#2 (17) {
["affected_rows"]=>
int(-1)
["client_info"]=>
string(6) "5.1.49"
["client_version"]=>
int(50149)
["connect_errno"]=>
int(0)
["connect_error"]=>
NULL
["errno"]=>
int(0)
["error"]=>
string(0) ""
["field_count"]=>
int(0)
["host_info"]=>
string(25) "Localhost via UNIX socket"
["info"]=>
NULL
["insert_id"]=>
int(0)
["server_info"]=>
string(17) "5.1.66-0+squeeze1"
["server_version"]=>
int(50166)
["sqlstate"]=>
string(5) "00000"
["protocol_version"]=>
int(10)
["thread_id"]=>
int(2220)
["warning_count"]=>
int(0)
}
response before fetch():
object(mysqli_stmt)#47 (9) {
["affected_rows"]=>
int(0)
["insert_id"]=>
int(0)
["num_rows"]=>
int(0)
["param_count"]=>
int(0)
["field_count"]=>
int(3)
["errno"]=>
int(0)
["error"]=>
string(0) ""
["sqlstate"]=>
string(5) "00000"
["id"]=>
int(1)
}
Here is how I connect to my DB:
if ($this->persistency)
{
$this->db = new mysqli("p:" . $this->server, $this->user, $this->password);
}
else
{
$this->db = new mysqli($this->server, $this->user, $this->password);
}
$this->db->query("SET CHARACTER SET utf8") or die("Error during character set initialization | " . mysql_error());
$this->db->query("SET NAMES 'utf8'") or die("Error during character set names initialization | " . mysql_error());
if (!$this->db->connect_error)
{
if ($database != "")
{
$this->dbname = $database;
$dbselect = $this->db->select_db($this->dbname);
if (!$dbselect)
{
$this->db->close($this->db);
$this->dbError = "Error choosing database!";
}
else
{
$this->dbResults = new mysqli_result();
$this->dbStatement = new mysqli_stmt();
return $this->dbError = false;
}
}
}
else
{
return $this->dbError = $this->db->connect_error;
}
It seems like mysqli can't decide when to stop sending queries to be fetched...
What am I doing wrong? Can someone help me?
Are you binding your results to a var? You are using mysqli::prepare but I don't see the result of the select binded to any variables:
http://php.net/manual/en/mysqli-stmt.bind-result.php

mysqli Object returned instead of result

I am running
$this->db->query("SELECT `id` FROM $table WHERE $table.id ='$product_id'");
that should return 92 but its returning the below why?
object(CI_DB_mysqli_result)#150 (8) { ["conn_id"]=> object(mysqli)#16
(18) { ["affected_rows"]=> int(1) ["client_info"]=> string(6) "5.5.30"
["client_version"]=> int(50530) ["connect_errno"]=> int(0)
["connect_error"]=> NULL ["errno"]=> int(0) ["error"]=> string(0) ""
["field_count"]=> int(1) ["host_info"]=> string(25) "Localhost via
UNIX socket" ["info"]=> NULL ["insert_id"]=> int(0) ["server_info"]=>
string(10) "5.5.31-cll" ["server_version"]=> int(50531) ["stat"]=>
string(150) "Uptime: 106781 Threads: 14 Questions: 30097132 Slow
queries: 13 Opens: 1937675 Flush tables: 1 Open tables: 400 Queries
per second avg: 281.858" ["sqlstate"]=> string(5) "00000"
["protocol_version"]=> int(10) ["thread_id"]=> int(373292)
["warning_count"]=> int(0) } ["result_id"]=> object(mysqli_result)#161
(5) { ["current_field"]=> int(0) ["field_count"]=> int(1)
["lengths"]=> NULL ["num_rows"]=> int(1) ["type"]=> int(0) }
["result_array"]=> array(0) { } ["result_object"]=> array(0) { }
["custom_result_object"]=> array(0) { } ["current_row"]=> int(0)
["num_rows"]=> NULL ["row_data"]=> NULL}
It is returning mysqli_ object.So Try to get the result like
$query = $this->db->query("SELECT `id` FROM $table WHERE $table.id ='$product_id'");
$result = $query->result();
foreach($result as $row)
{
echo "Id is ".$row['id']."<br>";
}
And it is appreciable that you are using mysqli_* functions instead of deprecated mysql_* functions
It's returning a mysqli_result object, exactly as the manual says it does.
To get the actual id you need to call fetch_assoc() (or similar) on the object.
if ($result = $this->db->query("SELECT id FROM $table WHERE $table.id ='$product_id'")) {
/* fetch associative array */
while ($row = $result->fetch_assoc()) {
printf ("Fetched ID: %s\n", $row["id"]);
}
/* free result set */
$result->free();
}
Basically the statement:
$this->db->query("SELECT 'id' FROM $table WHERE $table.id ='$product_id'");
returns an object that can be used to extract the result set or table and assigned to a variable... so you need to create a variable and assign the result set to it as:
$mysqli = new mysqli("localhost","rinonymous","03318987165oo","rinonymous");
if ($mysqli->connect_errno) {
print_r($mysqli->connect_error);
exit();
}
$site_title = "Rinonymous";
$page_title = "";
$page_body = "";
#Page Setup
$query_page_info = "select * from pages where id = 1";
foreach ($mysqli->query($query_page_info) as $row) {
print_r($mysqli->query($query_page_info));
#query method returns an associate array
print_r($row);
$page_title = $row['title'];
$page_body = $row['body'];
}

PHP mysqli prepare statement not working

I am using a mysqli prepare statement to query my db with multiple constraints. I have ran the code in a test file of mine and it works perfectly fine. However, when I move the code over to my live file it throws the error below:
PHP Warning: mysqli_stmt::bind_result(): Number of bind variables
doesn't match number of fields in prepared statement in
C:\wamp\www\firecom\firecom.php on line 80
PHP Notice: Undefined variable: results in
C:\wamp\www\firecom\firecom.php on line 89
Both parameters are being set correctly but something is throwing it off.
Code:
$query = $mysqli->prepare("SELECT * FROM calls WHERE wcccanumber = ? && county = ?");
$query->bind_param("ss", $wcccanumber, $county);
$query->execute();
$meta = $query->result_metadata();
while ($field = $meta->fetch_field()) {
$parameters[] = &$row[$field->name];
}
call_user_func_array(array($query, 'bind_result'), $parameters);
while ($query->fetch()) {
foreach($row as $key => $val) {
$x[$key] = $val;
}
$results[] = $x;
}
print_r($results['0']);
$query var_dump:
object(mysqli_stmt)#27 (10) { ["affected_rows"]=> int(-1) ["insert_id"]=> int(0) ["num_rows"]=> int(0) ["param_count"]=> int(2) ["field_count"]=> int(13) ["errno"]=> int(0) ["error"]=> string(0) "" ["error_list"]=> array(0) { } ["sqlstate"]=> string(5) "00000" ["id"]=> int(1) }
Why torture yourself with mysqli?
In PDO you will need none of these horrendous codes, but only one line to get the results
$query = $pdo->prepare("SELECT * FROM calls WHERE wcccanumber = ? && county = ?");
$query->execute(array($wcccanumber, $county));
$results = $query->fetchAll();
print_r($results[0]);

Categories