Ok so i want to do a prepared insert such as:
prepare("INSERT INTO `analyzeditemsdetails` SET
analyzeditem_id = ? ,
start_time = ? ,
end_time = ?
");
start_time and end_time are stored in the database as sql dates. Fill in the ?'s in this next statement:
$stmt->bind_param('i??',
$this->sqlid,
$item['start_time'],
$item['end_time']
);
So basically what do I put in a bind_param method call for sql dates???
I think it would be s (string).
$stmt->bind_param('iss',
$this->sqlid,
$item['start_time'],
$item['end_time']
);
Related
I am into situation where i dont know which fields would be set to update , i can get the columns and respected values which need to updated, but how can i get the type of each field for binding parameters using mysqli ?
UPDATE City SET Name = ?,CountryCode = ?,District = ? WHERE 1
Lets say this is the query i got as for now .. and I would something like this to update ..
$stmt = $conn->stmt_init();
if($stmt->prepare($query)) {
$stmt->bind_param('sss', $name, $countrycode, $district);
$stmt->execute();
}
but what if i dont know 'sss' ( in dynamic context ) ?
You can use string for everything. MySQL will convert strings to numbers when necessary. Just as you can do something like:
SET id = '123'
when writing a regular query.
I am wondering if mysqli works when binding a column reference +1 type of field. Example.
UPDATE `table` SET `sys-helpful-yes` = `sys-helpful-yes`+1 WHERE `id` = 1;
When using mysqli bind parameters, it doesn't add the one.
UPDATE `table` SET `sys-helpful-yes` = ? WHERE `id` = 1;
I am trying to bind
`sys-helpful-yes`+1
Wondering if anyone has a workaround.
What about
UPDATE `table` SET `sys-helpful-yes` = `sys-helpful-yes`+ ? WHERE `id` = 1;
and then, of course, only bind 1 ...
(not tested) ?
here i am trying to insert a record as well as retrive last inserted sequence id but didn't get any success can anybody help me , guide me that how oracle works with php ?
$query = 'INSERT INTO hist_news (id,headline,reportedon,reportedby,loc,story,more,helperjson,refjson,createdt,createdby) VALUES(id.nextval, :headline, :reportedon, :reportedby , :loc , :story , :more , :helper , :ref , sysdate , :createdby) return id.nextval';
$this->stmt = oci_parse($this->oci,$query);
oci_bind_by_name($this->stmt,':headline',$headline);
oci_bind_by_name($this->stmt,':reportedon',$reportedon);
oci_bind_by_name($this->stmt,':reportedby',$reportedby);
oci_bind_by_name($this->stmt,':loc',$loc);
oci_bind_by_name($this->stmt,':story',$story);
oci_bind_by_name($this->stmt,':more',$more);
oci_bind_by_name($this->stmt,':helper',$helperjson);
oci_bind_by_name($this->stmt,':ref',$refjson);
if($re = oci_execute($this->stmt)){
return $re;
} else {
return false;
}
After the insert statement you can execute select id.currval from dual. This should give you the latest value. Do note that this will only work only in the current session after you have fetched the nextval and cannot be used by itself.
add the following to your insert SQL query:
returning id into :id
Example:
$query = 'INSERT INTO hist_news (id,headline,reportedon,reportedby,loc,story,more,helperjson,refjson,createdt,createdby) VALUES(id.nextval, :headline, :reportedon, :reportedby , :loc , :story , :more , :helper , :ref , sysdate , :createdby) returning id into :id';
And bind this to your statement
oci_bind_by_name($this->stmt,":ID",$id);
Now $id will have the last inserted ID after oci_execute($this->stmt) is executed;
This method works well with OCI8.
I'm having trouble converting this now() + INTERVAL INSERT statement to a PDO prepared statement with named placeholders.
When I bind the value using either 'now() + INTERVAL 3 DAY' or 'DATE_ADD(now(), INTERVAL 3 DAY)', it inserts 000's instead of the correct datetime (0000-00-00 00:00:00)
This is what I was previously using:
$qry = "INSERT INTO password_reset(user_id, temp_password, expiry_date)
VALUES('$member_user_id','$temp_password', now() + INTERVAL 3 DAY)";
New PDO Statement:
$stmt = $conn->prepare('INSERT INTO password_reset (user_id, temp_password, expiry_date)
VALUES(:user_id, :temp_password, :expiry_date)');
$stmt->bindValue(':user_id', $member_user_id);
$stmt->bindValue(':temp_password', $random_password);
$stmt->bindValue(':expiry_date', 'now() + INTERVAL 3 DAY');
$insertResult = $stmt->execute();
I've also tried this:
$stmt->bindValue(':expiry_date', 'DATE_ADD(now(), INTERVAL 3 DAY)');
Alternate method proposed in several SO postings
Several SO postings (including this link) suggested putting the now() statement in the VALUES instead of binding it, but that causes an error message 'Invalid parameter number: number of bound variables does not match number of tokens'
$stmt = $conn->prepare('INSERT INTO password_reset (user_id, temp_password, expiry_date)
VALUES(:user_id, :temp_password, :now() + INTERVAL 3 DAY)');
$stmt->bindValue(':user_id', $member_user_id);
$stmt->bindValue(':temp_password', $random_password);
$insertResult = $stmt->execute();
Remove the colon from :now() + INTERVAL 3 DAY.
$stmt = $conn->prepare('INSERT INTO password_reset (user_id, temp_password, expiry_date)
VALUES(:user_id, :temp_password, now() + INTERVAL 3 DAY)');
$stmt->bindValue(':user_id', $member_user_id);
$stmt->bindValue(':temp_password', $random_password);
$insertResult = $stmt->execute();
Alternatively, you could do this:
$stmt = $conn->prepare('
INSERT INTO
password_reset (user_id, temp_password, expiry_date)
VALUES
(:user_id, :temp_password, now() + INTERVAL 3 DAY)
');
$insertResult = $stmt->execute(array(
":user_id" => $member_user_id,
":temp_password" => $random_password)
);
When working with Prepared Statements, you should think of the statement as being a template to plug data into.
If you have a database table with the structure:
user_id INT
temp_password VARCHAR(128)
expiry_date DATE
You have three columns in your table. Two of the values to insert into these columns will come from PHP, and the other will be evaluated by SQL. Since SQL will be doing all the work on the expiry_date column, it doesn't need to be bound to anything in PHP.
So, examining the INSERT statement:
INSERT INTO password_reset (user_id, temp_password, expiry_date) VALUES (:user_id, :temp_password, now() + INTERVAL 3 DAY)
Each parameter of the VALUES() clause needs to match up to a declared column name in the INSERT INTO table (columns...) clause.
In prepared statements, since we are creating a template, we use placeholders to show where we will be inserting values into the statement as it is executed. Placeholders can be either the :name version that you have used, or simply a question mark ?.
PDO::prepare($statement) tells the SQL server to prepare the statement. At that point, SQL has the template for your query, and is ready to receive the values for the placeholders in that query.
PDOStatement::execute($placeholderValues) executes a single instance of that prepared statement, substituting the placeholders with the values you have either bound with bindParam, bindValue, or passed as the argument to execute().
So, basically, all that is being sent to the SQL server on each execute() are the values to plug into the placeholders, instead of an entire query string.
Now comes the part that explains why you weren't able to bindValue(":expiry_date", "now() + INTERVAL 3 DAY").
When the values get to the SQL server, SQL server sanitizes them and replaces the respective placeholder with their value.
When you bind "now() + INTERVAL 3 DAY", you are actually binding a string. Since it is a string, it doesn't get executed as SQL code.
You have a colon in front of :now()
That's it. Just a typo.
Your second error message clearly says that you didn't actually deleted the colon but removed something else - most likely a quote. You need to be more attentive in writing. And pay more attention to the error messages, they are quite informative.
This question already has answers here:
Using Mysqli bind_param with date and time columns?
(5 answers)
Closed 1 year ago.
I am trying to use prepared statements to insert a datetime for a library application. Here is the code thus far:
global $dbh;
$query = "INSERT INTO `loan` SET
`title` = (?), //example value - Lord of the Rings
`description` = (?), //example value - Trilogy
`start_date` = (?), //example value 20120701 in String datatype
`end_date` = (?)"; //example value 20120702 in String datatype
$statement = $dbh->prepare($query);
$statement->bind_param("ssss", $title,$description,$startDate,$endDate);
$statement->execute();
print $statement->error; //to check errors
$statement->close();
However, I cannot seem to insert this value into the row. At the same time, somehow the
print $statement->error
does not seem to display any error.
Any help will really do.
UPDATE:
It actually works. I was just referencing the wrong database. But I want to add a little outro for new people who chanced upon this.
Remove all the comments as mentioned in the comments/answers as they will mess up your string.
For DATETIME, remember to specify the datatype as String as MySQL only recognises String datatype. If you are not using prepared queries, this means you have to add '' quotes for the values.
The insertion will result in the date (2012-07-01 00:00:00) format as time is not specified.
Both SQL queries work. INSERT INTO tbl_name SET col_name = value or INSERT INTO tbl_name(col_name) VALUES (value) work.
Try something like this:
global $dbh;
$query = "INSERT INTO loan (title, description, start_date, end_date) VALUES (?,?,?,?)"
$statement = $dbh->prepare($query);
$statement->bind_param("ssss", $title,$description,$startDate,$endDate);
$statement->execute();
print $statement->error; //to check errors
$statement->close();
Assuming your form input for your date is a type input named "date", here is what you do. In php type
$date = $_POST['date']
$query = "INSERT INTO `loan` SET
`title` = (?),
`description` = (?),
`start_date` = ".$date. //Insert variable here
"`end_date` = (?)";
I know it's not good practice to insert a date in one single type input but I am just using this example for simplicity only. The proper way you can figure out yourself.