prepared-statement

问题 I have a mysqli query with the following code: $db_usag->query("UPDATE Applicant SET phone_number ='$phone_number', street_name='$street_name', city='$city', county='$county', zip_code='$zip_code', day_date='$day_date', month_date='$month_date', year_date='$year_date' WHERE account_id='$account_id'"); However all the data is extracted from HTML documents so to avoid errors I would like to use a prepared statement. I found PHP documentation on bind_param() but there is no UPDATE example. 回答1:

问题 I'm re-engineering a PHP-driven web site which uses a minimal database. The original version used "pseudo-prepared-statements" (PHP functions which did quoting and parameter replacement) to prevent injection attacks and to separate database logic from page logic. It seemed natural to replace these ad-hoc functions with an object which uses PDO and real prepared statements, but after doing my reading on them, I'm not so sure. PDO still seems like a great idea, but one of the primary selling

问题 I'm using PHP PDO with PostgreSQL for a new project. Given the following function, how can I return the id of the row just inserted? It doesn't work the way it looks now. function adauga_administrator($detalii) { global $db; $ultima_logare = date('Y-m-d'); $stmt = $db->prepare("INSERT INTO site_admins (sa_nume, sa_prenume, sa_user_name, sa_password, sa_email, sa_id_rol, sa_status, sa_ultima_logare) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"); $stmt->bindParam(1, $detalii['nume']); $stmt->bindParam(2,

问题 Is there a way to retrieve the auto generated key from a DB query when using a java query with prepared statements. For example, I know AutoGeneratedKeys can work as follows. stmt = conn.createStatement(); stmt.executeUpdate(sql, Statement.RETURN_GENERATED_KEYS); if(returnLastInsertId) { ResultSet rs = stmt.getGeneratedKeys(); rs.next(); auto_id = rs.getInt(1); } However. What if I want to do an insert with a prepared Statement. String sql = "INSERT INTO table (column1, column2) values(?, ?)"

问题 Is there a way to retrieve the auto generated key from a DB query when using a java query with prepared statements. For example, I know AutoGeneratedKeys can work as follows. stmt = conn.createStatement(); stmt.executeUpdate(sql, Statement.RETURN_GENERATED_KEYS); if(returnLastInsertId) { ResultSet rs = stmt.getGeneratedKeys(); rs.next(); auto_id = rs.getInt(1); } However. What if I want to do an insert with a prepared Statement. String sql = "INSERT INTO table (column1, column2) values(?, ?)"

问题 I'm working on a dynamic query that uses variables to specify a table, a field/column, and a value to search for. I've gotten the query to work as expected without the variables, both in phpMyAdmin (manually typing the query) and from within the code by concatenating the variables into a complete query. However, when I use bindParam() or bindValue() to bind the variables, it returns an empty array. Here's my code: function search_db($db, $searchTerm, $searchBy, $searchTable){ try{ $stmt = $db

问题 How would you write a prepared MySQL statement in PHP that takes a differing number of arguments each time? An example such query is: SELECT `age`, `name` FROM `people` WHERE id IN (12, 45, 65, 33) The IN clause will have a different number of id s each time it is run. I have two possible solutions in my mind but want to see if there is a better way. Possible Solution 1 Make the statement accept 100 variables and fill the rest with dummy values guaranteed not to be in the table; make multiple

问题 I have created a HTML form where users would submit their name, email, and language skills. Since a user may speak more than one language, user will be able to generate additional rows by clicking an "add" button. The form will then be submitted and entered into a MySQL database. I'm using two tables to hold the received data, whereas the user-id in the first table will be auto_incremented: | (user-id) | name | email| | user-id | language | proficiency| Now I'm trying to write the PHP code,

问题 SO I learned this from w3schools. . .however the example used data directly injected into the code. I was wondering how can I use the same code block but receive data from a form instead <?php $servername = "localhost"; $username = "username"; $password = "password"; $dbname = "myDBPDO"; try { $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password); // set the PDO error mode to exception $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // prepare sql and

问题 I have a prepared statement to update several fields. I get the data from a formular, but not all fields are required. So it's possible that some fields are not set. I set them default to NULL. Now I don't want to overwrite the old value by NULL. How can I tell MySql not to Update the value if it's NULL? $insert_stmt = $mysqli->prepare(" UPDATE members SET username=?, email=?, $password=?, $random_salt=?, level=?, customerID=?, name=?, surname=?, phone=?, quantities=? WHERE id=? "); $insert