This question already has answers here:
How to include a PHP variable inside a MySQL statement
(5 answers)
Closed 3 years ago.
I have a mysqli query with the following code:
$db_usag->query("UPDATE Applicant SET phone_number ='$phone_number',
street_name='$street_name', city='$city', county='$county', zip_code='$zip_code', day_date='$day_date', month_date='$month_date',
year_date='$year_date' WHERE account_id='$account_id'");
However all the data is extracted from HTML documents so to avoid errors I would like to use a prepared statement. I found PHP documentation on bind_param() but there is no UPDATE example.
An UPDATE works the same as an insert or select. Just replace all the variables with ?.
$sql = "UPDATE Applicant SET phone_number=?, street_name=?, city=?, county=?, zip_code=?, day_date=?, month_date=?, year_date=? WHERE account_id=?";
$stmt = $db_usag->prepare($sql);
// This assumes the date and account_id parameters are integers `d` and the rest are strings `s`
// So that's 5 consecutive string params and then 4 integer params
$stmt->bind_param('sssssdddd', $phone_number, $street_name, $city, $county, $zip_code, $day_date, $month_date, $year_date, $account_id);
$stmt->execute();
if ($stmt->error) {
echo "FAILURE!!! " . $stmt->error;
}
else echo "Updated {$stmt->affected_rows} rows";
$stmt->close();
Related
This question already has answers here:
How to include a PHP variable inside a MySQL statement
(5 answers)
Closed 3 years ago.
The following code intends to select a value from a table in a
database, use the selected value to change a variable, and then add
that variable to another table in the database. However, I cannot
figure out why it doesn't work - the $entry query runs, but the
application doesn't recognize the $sql query for some reason. Can
anyone help me, please?
$sql = "SELECT calories FROM food WHERE name = $food";
$result = $conn->query($sql);
if ($serving_size == 'Plate'){
$calories = $amount * $result;
}
if ($serving_size == 'Bowl'){
$calories = $amount * $result * 2/3;
}
$entry = $conn->prepare("INSERT INTO data (`Food/Exercise`, `Quantity`, `Calories_Burned_or_Consumed`, `Number_of_Calories`) VALUES (?, ?, ?, ?)");
$entry->bind_param("sssi", $food, $quantity, $consumed, $calories);
if($entry->execute()){
echo 'Inserted';
} else {
echo 'Not Inserted';
}
Is $food actually defined, and is it quoted? If there are no quotes around the string it will be considered a column name here and the query will not match anything.
This query actually is prone to SQL injections, params should be used just like you do below.
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Why does this PDO statement silently fail?
(2 answers)
Closed 4 years ago.
Doing the query manually in PHPMyAdmin
INSERT INTO productimages (ImageURL, productID)
VALUES('http://test.jpg', (SELECT id
FROM products
WHERE products.MPN = 'test'));
Works just fine.
But trying to use PDO...
try {
$sql = "INSERT INTO productimages (ImageURL, productID)
VALUES(':image_url', (SELECT id
FROM products
WHERE products.MPN = ':mpn'));";
$data = [
'image_url' => $image_url,
'mpn' => $mpn
];
$stmt = $conn->prepare($sql);
$stmt->execute($data);
}
catch(PDOException $e)
{
echo '<h2 style="color:red;">' . $e->getMessage() . '</h2>';
}
I am always getting this error:
SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens
How do I properly form this INSERT query to perform with PDO?
This question already has answers here:
Can I bind an array to an IN() condition in a PDO query?
(23 answers)
MySQLi Bind Param with an array for IN [duplicate]
(2 answers)
Closed 5 years ago.
I can not figure out how I can prepare my select statement.
$query = "SELECT name, art FROM table_one WHERE name LIKE ? AND art IN ?";
if ($stmt = $db_link->prepare($query)) {
$stmt->bind_param("ss", $name, $art);
$stmt->execute();
if ($stmt->errno){
//Deal with error
}
$name = "%Marc%";
$art = "('green', 'blue', 'red')";
$stmt->execute();
$stmt->bind_result($name, $art);
while ($stmt->fetch()){
//Output data
}
}
So the problem is, that something does not work with the syntax in the prepared statement. This is my first attempt at preparing statements.
I had the query working before without using a prepared statement, but I am forced to use that now.
The old query looked like this:
$query = "SELECT name, art FROM table_one WHERE name LIKE '%$name%' AND art IN ('$art')";
Thank you for your help.
This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 5 years ago.
I have this code to get a COUNT DISTINCT data:
$param = 'email';
$stmt = $conn->stmt_init();
$stmt = $conn->prepare("SELECT COUNT(DISTINCT(?)) FROM contatos");
$stmt->bind_param('s',$param);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($count);
while ($stmt->fetch()) {
echo $count;
}
But echo $count always returns 1, but i have dozens of records...
What is wrong?
Thanks
Binding is not allowed for column names (or table names). Your query is not executing correctly. You need to directly pass the name of the field.
$stmt = $conn->prepare("SELECT COUNT(DISTINCT(email)) FROM contatos");
This question already has answers here:
mysqli last insert id
(3 answers)
Closed 6 years ago.
How to get the id of the last inserted query using prepared statement ?
I wrote some PHP but I only get "0" as a result.
I tried to use the answer from this question : Similar question on SO
$locationName = $_GET['locationName'];
$locationResume = $_GET['locationResume'];
$sql = "INSERT INTO location (locationTitle, locationResume) VALUES (?,?);";
if ($locationName != null && $locationResume != null ) {
if ($stmt = $con->prepare($sql)) {
$stmt->bind_param("ss", $locationName, $locationResume);
$locationId = $con->insert_id;
#$locationId = $con->execute();
echo $locationId;
}
}
Thank you for your help.
You can get last_insert_id only after query execution.