Call a stored procedure with the same name using PDO - php

I have two stored procedures in my Postgres database; both have the same name, but the parameters differ.
procedure1(::string, ::integer, ::string, ::integer)
procedure1(::string, ::integer, ::integer)
In PDO I am doing the bindParam calls correctly (STR, INT, INT is what comes through), but the prepare always runs procedure1.
How do I get it to understand that I am calling procedure2?
Is more information needed to help? Am I clear? Thanks.
EDIT ===
...
$bounds = null; // forced for debug
if(!is_null($bounds)){
$query = "SELECT procedure1(:name, :domain, :geo, :userid)";
$stmt = $db->prepare($query);
$stmt->bindParam('name', $name, PDO::PARAM_STR);
$stmt->bindParam('domain', $idDomain, PDO::PARAM_INT);
$stmt->bindParam('geo', $geoString, PDO::PARAM_STR);
$stmt->bindParam('userid', $userId, PDO::PARAM_INT);
}else{
$query = "SELECT procedure1(:name, :domain, :userid)";
$stmt = $db->prepare($query);
$stmt->bindParam('name', $name, PDO::PARAM_STR);
$stmt->bindParam('domain', $idDomain, PDO::PARAM_INT);
$stmt->bindParam('userid', $userId, PDO::PARAM_INT);
}
$result = $stmt->execute();
...
The error it gives is that it is running a procedure that requires four parameters.

Try changing your $query statements to explicitly tell PDO the types, and to avoid extra code switch to bindValue (PDO uses the PARAM flags to format SQL, not to cast data types):
$bounds = null; // forced for debug
if(!is_null($bounds)){
$query = "SELECT procedure1(:name::VARCHAR, :domain::INTEGER, :geo::VARCHAR, :userid::INTEGER)";
$stmt = $db->prepare($query);
$stmt->bindValue('name', $name);
$stmt->bindValue('domain', $idDomain);
$stmt->bindValue('geo', $geoString);
$stmt->bindValue('userid', $userId);
}else{
$query = "SELECT procedure1(:name::VARCHAR, :domain::INTEGER, :userid::INTEGER)";
$stmt = $db->prepare($query);
$stmt->bindValue('name', $name);
$stmt->bindValue('domain', $idDomain);
$stmt->bindValue('userid', $userId);
}
$result = $stmt->execute();

Related

AES_ENCRYPT MySQL Update Query

I hope you can help. I am trying to use the AES_ENCRYPT on my update query but I am unable to get it to work.
I am trying to encrypt the first_name variable but when I run the query it refuses to update the field. When I remove the AES_ENCRYPT method from the update query it works absolutely fine.
My current code looks as follows:
if(!defined('SALT')) define('SALT','4a7s3n3j93n98lk');
$sql = "UPDATE cases
SET first_name=?,
last_name=?
WHERE cases_id=?";
$query = $db->prepare($sql);
$query->execute(array(
AES_ENCRYPT('$first_name','".SALT."'),
$last_name,
$id));
$db = null;
I managed to fix my AES_ENCRYPT update query issue with the following revision:
$encrypt_key = '4a7s3n3j93n98lk';
$statement = $db->prepare("UPDATE cases SET
first_name = AES_ENCRYPT(:first_name, '$encrypt_key'),
last_name = AES_ENCRYPT(:last_name, '$encrypt_key')
WHERE cases_id = :id");
$statement->bindParam(':id', $id, PDO::PARAM_INT);
$statement->bindParam(':first_name', $first_name, PDO::PARAM_STR);
$statement->bindParam(':last_name', $last_name, PDO::PARAM_STR);
$statement->execute();
$db = null;

Combining two prepared statements not working

First, according to another SO post, I tried combining the two statements into one.
<?php
$conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
$sql = "UPDATE users SET pass = :password WHERE usrn = :id;
SELECT prim FROM users WHERE usrn = :id;";
$stmt = $conn->prepare($sql);
$stmt->bindParam(":id", $_SESSION["idPersist"]);
$stmt->bindValue(":password", password_hash($_POST["password"], PASSWORD_DEFAULT)); // bindValue: bindParam needs a variable, not a function result
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC); //// line 71
?>
However, this kept throwing the error: Fatal error: Uncaught PDOException: SQLSTATE[HY000]: General error on line 71.
I couldn't find any relevant solutions to this issue, so I decided to simply split up the two statements.
<?php
$sql = "UPDATE users SET pass = :password WHERE usrn = :id";
$stmt = $conn->prepare($sql);
$stmt->bindParam(":id", $_SESSION["idPersist"]);
$stmt->bindValue(":password", password_hash($_POST["password"], PASSWORD_DEFAULT)); // bindValue: bindParam needs a variable, not a function result
$stmt->execute();
$sql = "SELECT prim FROM users WHERE usrn = :id";
$stmt = $conn->prepare($sql);
$stmt->bindParam(":id", $_SESSION["idPersist"]);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$_SESSION["session"] = $result["prim"];
?>
But a var_dump($result) is returning Bool(false), so obviously something is not working right with fetching the result and storing it as a variable, it seems, in both cases.
I'm new to PHP and MySQL, so I'm at a loss right now.
Change this,
$sql = "SELECT prim FROM users WHERE usrn = :id";
$stmt = $conn->prepare($sql);
$stmt->bindParam(":id", $_SESSION["idPersist"]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$_SESSION["session"] = $result["prim"];
To this,
$sql = "SELECT prim FROM users WHERE usrn = :id";
$stmt = $conn->prepare($sql);
$stmt->bindParam(":id", $_SESSION["idPersist"]);
$stmt->execute(); // Your problem
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$_SESSION["session"] = $result["prim"];
You are missing the execution of the query.

php mysql to mysqli optimize

I'm converting my mysql to an OO mysqli.
So, I'm not sure about the syntax, if I need to repeat code like below.
I have a php page like this:
<?php
...
$mysqli = new mysqli($hostname, $user, $pass, $bd);
//first a select:
$stmt = $mysqli->prepare("SELECT user FROM cad WHERE user = ?");
$stmt->bind_param('s', $user);
$stmt->execute();
$result = $stmt->get_result();
$stmt->close();
$num = $result->num_rows;
if($num > 0){...}
//an update
$stmt = $mysqli->prepare("UPDATE cadastro SET `user` = ?");
$stmt->bind_param('s', $user);
$stmt->execute();
$stmt->close();
//an insert
$stmt = $mysqli->prepare("INSERT INTO cad (user) VALUES (?)");
$stmt->bind_param('s', $user);
$stmt->execute();
$stmt->close();
//second select
$stmt = $mysqli->prepare("SELECT user FROM cad WHERE user = ? and id=0");
$stmt->bind_param('s', $user);
$stmt->execute();
$result = $stmt->get_result();
$stmt->close();
$num = $result->num_rows;
if ($num==0){...do something...}
...
?>
My question is: is it right? Is the structure right?
prepare
bind
execute
get result
close...
prepare
bind
execute
close...
...
Or can I be more economical, or do it in an optimal way?

PHP bindParam() function with multiple parameters

I have the following code:
$selectUserQuery = 'SELECT email_address, password FROM user WHERE email_address = :email_address AND password = :password';
$prepSelectUser = $conn->prepare($selectUserQuery);
/*
* HOW DO I ADD MULTIPLE PARAMETERS TO THIS BINDPARAM() FUNCTION?
*/
$prepSelectUser->bindParam(':email_address', $email, PDO::PARAM_INT);
$prepSelectUser->execute();
$userResult = $prepSelectUser->fetchAll();
$userCount = count($userResult);
How can I add multiple parameters to the bindParam() function?
You don't actually need this function at all, as well as most of the other code you used.
$sql = 'SELECT 1 FROM user WHERE email_address = ? AND password = ?';
$stmt = $conn->prepare($sql);
$stmt->execute([$email, $password]);
$userCount = $stmt->fetchColumn();
First, change
$prepSelectUser->bindParam(':email_address', $email, PDO::PARAM_INT);
to
$prepSelectUser->bindParam(':email_address', $email, PDO::PARAM_STR);
then call another bindParam, like
$prepSelectUser->bindParam(':password', $password, PDO::PARAM_STR);
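
Added example, not code from any of the posts above: since password_hash() (used in the "Combining two prepared statements" question) salts each hash, a stored hash cannot be matched with password = ? in SQL, so the login check here selects by e-mail and calls password_verify(). The in-memory SQLite table, the addresses and the function names registerUser/verifyLogin are constructed for the illustration and assume the pdo_sqlite extension.

```php
<?php
// Constructed schema and sample data; assumes the pdo_sqlite extension is loaded.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE user (email_address TEXT PRIMARY KEY, password TEXT NOT NULL)');

function registerUser(PDO $conn, string $email, string $plain): void
{
    $stmt = $conn->prepare(
        'INSERT INTO user (email_address, password) VALUES (:email, :hash)'
    );
    // bindValue() accepts any expression; bindParam() binds a variable by
    // reference, so a function result such as password_hash() belongs here.
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->bindValue(':hash', password_hash($plain, PASSWORD_DEFAULT), PDO::PARAM_STR);
    $stmt->execute();
}

function verifyLogin(PDO $conn, string $email, string $plain): bool
{
    // Hash of a throwaway value, computed once, used when the e-mail is unknown.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    // Select by e-mail only; the password never appears in the WHERE clause.
    $stmt = $conn->prepare('SELECT password FROM user WHERE email_address = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn(); // false when no row matches

    // Always run one verification so known and unknown e-mails cost about the same.
    $ok = password_verify($plain, $hash === false ? $dummy : $hash);
    return $hash !== false && $ok;
}

registerUser($conn, 'alice@example.test', 'correct horse battery staple');

// Correct password, wrong password, unknown e-mail.
var_dump(verifyLogin($conn, 'alice@example.test', 'correct horse battery staple'));
var_dump(verifyLogin($conn, 'alice@example.test', 'wrong password'));
var_dump(verifyLogin($conn, 'nobody@example.test', 'placeholder'));
```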

Anything wrong with this MySQL query?

$stmt = $connection->prepare("SELECT id FROM articles WHERE position =? LIMIT 1");
$stmt-> bind_param('i',$call );
$stmt->execute();
$result = $stmt->fetch();
$oldpostid = $result;
$stmt->close();
I don't see anything wrong with it, but it is returning 1 or nothing. $call is set and is an integer. I tried this too:
$stmt = $connection->prepare("SELECT * FROM articles WHERE position =? LIMIT 1");
$oldpostid = $result['id'];
Assuming this is all working you need to bind the result variables as well. mysqli_stmt_fetch returns a boolean:
$stmt->execute();
$stmt->bind_result($id);
$stmt->fetch();
$oldpostid = $id;
You seem to be mixing mysqli & PDO. The first line is PDO
$stmt = $connection->prepare("SELECT id FROM articles WHERE position =? LIMIT 1");
The next line is mysqli
$stmt-> bind_param('i',$call );
For PDO it should use the unnamed placeholders (Manual, Example 4):
$stmt-> bindParam(1,$call );
$stmt->execute();
OR using array
$stmt->execute(array($call));
