$query = "INSERT INTO users (name, password) VALUES ('$myusername', '$mypassword')";
if (!($result = $mysqli->query($query)))
die("WHAT???? " . $mysqli->error . " EEEEEFFFFFFF.");
$count = $result->num_rows;
while ($row = $result->fetch_array()) {
if ($row[name] == $myusername) {
$mysqli->query("DELETE FROM users WHERE name='$myusername' AND password='$mypassword'");
$count = 5;
}
}
When I run this, it gives me an error:
Fatal error: Call to a member function fetch_array() on a non-object in /home/appstore/public_html/phpstoof/signedup.php on line 26
Where line 26 is where the while statement starts (while(x)). $mysqli ALREADY an instance of mysqli(). I don't see the how this is an error if the same code works on another file.
An INSERT statement has nothing to fetch.
As #mellamokb says, INSERT has nothing to fetch. Also you have used a mix of MySQL and MySQLi.
With MySQLi, the code should be like:
$mysqli = new mysqli($db_host, $db_username, $db_password, $db_database);
$str_sql = 'INSERT INTO users (name, password) VALUES (?, ?)';
// Create a prepared statement
$stmt = $mysqli->prepare($str_sql);
// Bind parameters for markers; same order and same count in prepared statement
$stmt->bind_param('ss', $myusername, $mypassword);
// Execute query
$stmt->execute();
// *************************************************************************
// If you're using a SELECT statement, each output field must be bound to
// a variable in the same order as in SELECT
// Bind result variables
$stmt->bind_result($_var1, $_var2, $_var3, ...);
// Fetch results and generate output as an associative array
while ($stmt->fetch())
{
// Handle $_var1, $_var2, $_var3, ...
}
// *************************************************************************
// Free stored result memory
$stmt->free_result();
// Close statement
$stmt->close();
// Close connection
$mysqli->close();
Related
I had some Prepared Statements working in PHP using mysqli. The requirements changed and now I'm supposed to move them to the DB, as Stored Procedures. This worked fine for most of the PSs, except for a couple that read the insertId for some further processing.
Ex:
$idAsdf = $stmtAsdf->insert_id;
where the PS performs an INSERT operation.
I've tried using an OUT parameter on the procedure which works fine on PHPMyAdmin, but can't connect it with the PHP server code outside the DB. I haven't found any example of this combination of elements being done. How can I get this insertId using both SPs and PSs?
Thanks
For PDO Prepared Statement you can use PDO::lastInsertId -http://php.net/manual/en/pdo.lastinsertid.php
<?php
try {
$dbh = new PDO('mysql:host=localhost;dbname=test', 'username', 'password');
$stmt = $dbh->prepare("INSERT INTO test (name, email) VALUES(?,?)");
try {
$dbh->beginTransaction();
$tmt->execute( array('user', 'user#example.com'));
print $dbh->lastInsertId();
$dbh->commit();
} catch(PDOExecption $e) {
$dbh->rollback();
print "Error!: " . $e->getMessage() . "</br>";
}
} catch( PDOExecption $e ) {
print "Error!: " . $e->getMessage() . "</br>";
}
?>
Just remember when using transaction return lastInsertId or store lastInsertId before commit.
For Stored Procedure - use LAST_INSERT_ID();
BEGIN
INSERT INTO test (name, email) VALUES ('value1', 'value2');
SET out_param = LAST_INSERT_ID();
END
EDIT 1 :
If you using MySQLi - then use mysqli_insert_id - http://php.net/manual/en/mysqli.insert-id.php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$stmt = mysqli->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
// set parameters and execute
$firstname = "John";
$lastname = "Doe";
$email = "john#example.com";
$stmt->execute();
printf ("New Record has id %d.\n", $stmt->insert_id);
/* close connection */
$mysqli->close();
If facing problem with out_param, use select to return last insert id as result.
BEGIN
DECLARE last_id INT DEFAULT 0;
INSERT INTO test (name, email) VALUES ('value1', 'value2');
SET last_id = LAST_INSERT_ID();
SELECT last_id;
END
EDIT 2 :
If you are facing problem in retrieving Stored Procedure result set use following code -
if ($mysqli->multi_query($query)) {
do {
/* store first result set */
if ($result = $mysqli->store_result()) {
while ($row = $result->fetch_row()) {
printf("%s\n", $row[0]);
}
$result->free();
}
/* print divider */
if ($mysqli->more_results()) {
printf("-----------------\n");
}
} while ($mysqli->next_result());
}
To access the out param use follwing code -
// execute the stored Procedure
// #uid - IN param, #userCount - OUT param
$result = $connect->query('call IsUserPresent(#uid, #userCount)');
// getting the value of the OUT parameter
$r = $connect->query('SELECT #userCount as userCount');
$row = $r->fetch_assoc();
$toRet = ($row['userCount'] != 0);
insert_id is a property of mysqli class, while you are trying to get it from a statement object.
inside SP you can set like this outParam = LAST_INSERT_ID();
LAST_INSERT_ID() returns the most recently generated ID is maintained in the server on a per-connection basis.
Here is my code
$stmt = $mysqli->prepare("SELECT * FROM `accountsToDo` WHERE `OKrname` = ?");
$stmt->bind_param("s", $OKCUsername);
/* execute prepared statement */
$stmt->execute();
if ($stmt->affected_rows > 0){
echo "Exists";
} else {
$stmt = $mysqli->prepare("INSERT INTO `accountsToDo`(`percentageOfMessages`, `RemoveDeletedAccounts`, `RemoveNoReply`, `RemoveNoResponse`, `minMatchPercent`, `minDistance`, `maxDistance`, `blacklistUsernames`, `userEmail`, `OKrname`, `OKword`) VALUES (?,?,?,?,?,?,?,?,?,?,?)");
$stmt->bind_param("iiiiiiissss", $percentageOfMessages, $RemoveDeletedAccounts, $RemoveNoReply, $RemoveNoResponse, $minMatchPercent, $minDistance, $maxDistance, $blacklistUsernames, $userEmail, $OKrname, $OKword);
$stmt->execute();
}
/* close statement and connection */
$stmt->close();
/* close connection */
$mysqli->close();
But now I'm getting the error,
Call to a member function bind_param() on boolean in line 147.
Line 147 is
$stmt->bind_param("iiiiiiissss", $percentageOfMessages, $RemoveDeletedAccounts, $RemoveNoReply, $RemoveNoResponse, $minMatchPercent, $minDistance, $maxDistance, $blacklistUsernames, $userEmail, $OKrname, $OKword);
If all you are doing is inserting into a todo table if the master table doesn't have a matching row, you don't need two statements.
INSERT INTO `accountsToDo`
(`percentageOfMessages`, `RemoveDeletedAccounts`,
`RemoveNoReply`, `RemoveNoResponse`, `minMatchPercent`,
`minDistance`, `maxDistance`, `blacklistUsernames`,
`userEmail`, `OKrname`, `OKword`)
VALUES (?,?,?,?,?,?,?,?,?,?,?)
WHERE NOT EXISTS (SELECT 1 FROM `accountsToDo` WHERE `OKrname` = ?);
Bind your params and you have save a call to the db. This has the advantage that "SELECT 1" acts as a cut operator so it is only evaluated until it finds the first TRUE.
You are missing a space between table name and a list of fields in your $mysqli->prepare
Try this:
$stmt = $mysqli->prepare("INSERT INTO `accountsToDo`
(`percentageOfMessages`,`RemoveDeletedAccounts`,
`RemoveNoReply`, `RemoveNoResponse`,
`minMatchPercent`, `minDistance`,
`maxDistance`, `blacklistUsernames`,
`userEmail`, `OKrname`, `OKword`)
VALUES (?,?,?,?,?,?,?,?,?,?,?)");
According to manual $mysqli->prepare will return FALSE if statement caused an error
UPDATE
Looks like your $mysqli->prepare is expecting 11 variables and you are trying to bind 12
The issue was that I didn't have
$stmt->store_result();
above the first $stmt->execute();
I have tried to insert two insert intos through a transaction statement but it did not work. The console is giving me database errors. I have checked the documentation http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers and it is obvious I am missing something.
The goal is simply insert into two different tables different information. I tried the following:
// create record
function create(){
try {
$stmt->beginTransaction();
$query = "INSERT INTO " . $this->table_name . "
SET user_id = ?, ";
// prepare query statement
$stmt = $this->conn->prepare($query);
// bind values to be inserted
$stmt->bindParam(1, $this->user_id);
$stmt->execute();
$query2 = "INSERT INTO legalcases_report
SET user_id = ?, ";
// prepare query statement 2
$stmt = $this->conn->prepare($query2);
$stmt->bindParam(1, $this->user_id);
$stmt->execute();
$stmt->commit();
return true;
} catch (Exception) {
$stmt->rollBack();
return false;
}
}
There are lots of problems in this code, I hope I can catch them all
// create record
function create(){
try {
// transaction work on a connection and not a statement
//$stmt->beginTransaction();
$this->conn->beginTransaction();
// Incorrect syntax for an INSERT command
// Error - Trailing comma in sytax
$query = "INSERT INTO " . $this->table_name . "
SET user_id = ?, ";
// prepare query statement
$stmt = $this->conn->prepare($query);
// bind values to be inserted
$stmt->bindParam(1, $this->user_id);
$stmt->execute();
// Incorrect syntax for an INSERT command
// Error - Trailing comma in sytax
$query2 = "INSERT INTO legalcases_report
SET user_id = ?, ";
// prepare query statement 2
$stmt = $this->conn->prepare($query2);
$stmt->bindParam(1, $this->user_id);
$stmt->execute();
// commit also works on a connection object
//$stmt->commit();
$this->conn->commit();
return true;
// PDO generates a PDOException so you should really catch that,
// it will fallback to the parent Exception object, BUT
// there may be times when you want to catch them seperately
// from the same try block, so use the correct one or both
} catch (PDOException $pex) {
$this->con->rollback();
$pex->getMessage();
exit; // because you have a serious problem
// or throw your own exception to the calling code
throw new Exception('Create user failed ' . $pex->getMessage());
}
}
Incorrect syntax for an INSERT command
The PHP PDO manual
I guess you should use PDO object, not PDOStatement:
try {
$this->conn->beginTransaction();
...
$this->conn->commit();
Below is my code.I want to access the last inserted id. Since I use static connection variable , it gives me error accesssing it in this way:
$insertedId = $stmt->connection::$pdo->lastInsertId() ;
public function addCar()
{
$this->rate=$param6;
if(!empty($this->name))
{
$sql="INSERT INTO car(car_name,car_maker,car_type,car_colour,num_passanger)VALUES('{$this->name}','{$this->maker}', '{$this->type}','{$this->colour}','{$this->passanger}')";
$stmt =connection::$pdo->prepare($sql);
$stmt->execute();
echo "inserted id ".$insertedId = $stmt->lastInsertId() ;
}
//$this->rentalRate();
}
UPDATE:
Simple way to use the lastInsertId() is:
// your connection with database
$con = new PDO("mysql:host=$hostname;dbname=$dbname",$dbuser,$dbpass);
// insert query
$query = "INSERT INTO tbl_name SET col_name1 = ?, col_name2 = ?";
// '$con' is your PDO connection variable
$stmt = $con->prepare($query);
$stmt->bindParam(1, $variable1); // value for col_name1 to be stored
$stmt->bindParam(2, $variable2); // value for col_name2 to be stored
$stmt->execute();
....
// gives current inserted id
$lastId = $con->lastInsertId();
In your case try: $lastId = connection::$pdo->lastInsertId();
It does not print the result. Dont know why. Everything is neatly commented
I get no error displays, no syntax blasphemes, it just does not print any result. However, I do know that the values are passed by the form to this processing php page, so the error is not in there. In the DB I have encrypted all fields except 'company'- Thus, I want to see if this will work by trying to fetch the results back.
// 1. Creating a new server connection
$db = new mysqli('localhost', 'root', '', 'developers');
if ($db->connect_errno) {
printf("Connect failed: %s\n", $mysqli->connect_error);
exit();
}
// 2, Creating statement object
$stmt = $db->stmt_init();
// 3, Creating a prepared statement
if($stmt->prepare("SELECT company FROM accesoweb WHERE username = AES_DECRYPT(?, 'salt')")) {
//4. Binding the variable to replace the ?
$stmt->bind_param('s', $username);
printf("Error: %d.\n", $stmt->errno);
// 5. Executing query
$stmt->execute();
// 6. Binding the result columns to variables
$stmt->bind_result($company);
// 7. Fetching the result of the query
while($stmt->fetch()) {
echo $company;
}
// 8. Closing the statement object
$stmt->close();
// 9. Closing the connection
$mysqli->close();
}
The inserting code that I just included in the MySQL was:
INSERT INTO accesoweb (company, username,email,password)
VALUES
('hola',
AES_ENCRYPT('maria','salt'),
AES_ENCRYPT('sumail','salt'),
AES_ENCRYPT('password',' salt')
);
So, that row above(actually, the "company" is what I am trying to recover through the PHP code
SELECT company FROM accesoweb WHERE username = AES_DECRYPT(?, 'salt')
Should be
SELECT company FROM accesoweb WHERE username = AES_ENCRYPT(?, 'salt')
OR
SELECT company FROM accesoweb WHERE AES_DECRYPT(username, 'salt') = ?