prepared-statement

问题 I'm new to using JDBC + MySQL. I have several 1/0 values which I want to stick into a database with a PreparedStatement. The destination column is a BIT(M!=1). I'm unclear on which of the setXXX methods to use. I can find the references for what data comes out as easily enough, but how it goes in is eluding me. The values effectively live as an ordered collection of booleans in the objects used by the application. Also, I'll occasionally be importing data from flat text files with 1/0

问题 I've been having a little trouble passing an array into a SQL query using Java's prepared statements. I had first tried the sourceforge driver, however I would get the AbstractMethodError when I call setArray method. Not knowing the solution to that I swapped to the Microsoft sqlserver driver, but now I get a different error entirely, which is "java.sql.SQLFeatureNotSupportedException: This operation is not supported." Tried a whole bunch of things to try and resolve this but nothing appears

问题 I'm having issues binding the LIKE with Wildcard into my prepared statement in MySQLi. I tried both the following methods below as shown & concat.(updated with @fancyPants input) Is there a way so that I can view my own SQL statement after the binding happens? How do I bind it properly to get the result I want ? It works without the LIKE statement. I could only pull out data from using a certain search term. Is there anything wrong with my code? $str = $_POST["searchstr"]; if(isset($_POST[

问题 I am trying to change my code to msqli prepared statements from mysql. I am not sure how to adapt my code that currently works to check if there is an email already in the database. Below is the code I am currently using that works. How do I change this into a prepared statement and get the same result? //if email is equal to an email already in the database, display an error message if(mysql_num_rows(mysql_query("SELECT * FROM users WHERE email = '".mysql_real_escape_string($_POST['email']).

问题 When I am using a PDO prepared statement, and use it to plug in a table name to the query it fails, a quick example: $stmt = $dbh->prepare("CREATE TABLE ? (id foo, int bar,...)"); $stmt->execute(Array('table_foobar')); All it does is replaces ? with 'table_foobar' , the single quotes don't allow creation of the table for me! I end up needing to do a sprintf on TOP of the prepared statement to add in a predefined table name. What on earth am I missing here? 回答1: I can find nothing clear in the

问题 sometimes i need to insert into the table some null values, or update them setting the value to NULL. I've read somewhere in the postgresql documentation that this cant be done, but can be tricket with the default value: pg_query("INSERT INTO my_table (col_a, col_b) VALUES ('whatever', default) p.s: i know that in this example i'll have the same result with pg_query("INSERT INTO my_table (col_a) VALUES ('whatever') But the problems comes witht the prepared statements: pg_prepare($pgconn,

问题 I am beating my head over the below syntax error. I am trying to bind an imploded array into a prepared statement, but I am getting the following syntax error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 1 Here is my code. Can anyone see where I am going wrong? <?php include('config.php'); $selected = $_POST['selected']; if ($stmt = $mysqli->prepare("DELETE FROM email_addresses WHERE email

问题 I want to get the number of rows from the database, but when I try to do this the $g_check variable will be equal to 0 and my code will echo the $sugg_title message which is in the else statement. But in the database there are 4 inserted groups so the num_rows property should return 4. $sql = "SELECT DISTINCT gp.logo, gp.name FROM gmembers AS gm LEFT JOIN groups AS gp ON gp.name = gm.gname WHERE gp.creator != ? AND gm.mname != ? LIMIT 10"; $stmt = $conn->prepare($sql); $stmt->bind_param('ss',

问题 I am trying to write prepared statement for user input. parameter numbers are variable depends on user input. i am trying this code php code: $string = "my name"; $search_exploded = explode( " ", $string ); $num = count( $search_exploded ); $cart = array(); for ( $i = 1; $i <= $num; $i ++ ) { $cart[] = 's'; } $str = implode( '', $cart ); $inputArray[] = &$str; $j = count( $search_exploded ); for ( $i = 0; $i < $j; $i ++ ) { $inputArray[] = &$search_exploded[ $i ]; } print_r( $inputArray );

问题 I have a database log appender that inserts a variable number of log lines into the database every once in a while. I'd like to create an SQL statement in a way that prevents SQL injection, but not using server-side prepared statements (because I have a variable number of rows in every select, caching them won't help but might hurt performance here). I also like the convenience of prepared statments, and prefer them to string concatination. Is there something like a 'client side prepared