prepared-statement | 易学教程

Ways of concatenating string in a prepared statement [duplicate]

阅读更多关于 Ways of concatenating string in a prepared statement [duplicate]

This question already has an answer here: What is a NullPointerException, and how do I fix it? 12 answers I have a web application that needs to be stored its data on specific tables depending on the user's input. e.g. if a user input Code "A" their data will be saved to DatabaseA, while if a user input Code "B", the data will be saved to DatabaseB. I need to know if there is way to manipulate the prepared statement in order to just concatenate the code into the end of the prepared statement string. I have 3 tables, MachineProblem2A,2B,and 2C. is there a way to just simply concatenate the code

mysqli fatal error: No index used in query/prepared statement

阅读更多关于 mysqli fatal error: No index used in query/prepared statement

I want to execute a simple prepared Statement using mysqli, but it won't work. I have this table: CREATE TABLE IF NOT EXISTS `account` ( `id` int(11) NOT NULL AUTO_INCREMENT, `email` varchar(100) COLLATE latin1_german2_ci NOT NULL, `password` varchar(100) COLLATE latin1_german2_ci NOT NULL, `created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_german2_ci AUTO_INCREMENT=4 ; And want to print the id of a specific email. $mysqli = new mysqli($server,$user,$pass,$db); if(mysqli_connect_errno()) { echo "Connection Failed: "

Problems with my attempt to implement an UPSERT

阅读更多关于 Problems with my attempt to implement an UPSERT

问题 I'm having this problem when checking a condition to update a table in PostgreSQL. It has to check if the user download this once and if yes, add +1 in acessos . <?php $result2 = pg_query("SELECT * from downloads WHERE (nome = $_POST[nome_download] AND email = $_POST[email_download])"); if (pg_num_rows($result2) == 0){ $result = pg_query("INSERT INTO downloads (nome, email, estado, arquivo, acessos) VALUES ('$_POST[nome_download]','$_POST[email_download]','$_POST[estado_download]','$_SESSION

Insert CURRENT_TIMESTAMP with prepared statement

阅读更多关于 Insert CURRENT_TIMESTAMP with prepared statement

问题 I´m inserting data with prepared statements. How can I assign a variable to CURRENT_TIMESTAMP and bind the value? I have a database table with the columns "name, lastfed, lastdoc and id". The 2 columns called lastfed and lastdoc are of type timestamp. I have a function and once I run it I want lastfed and lastdoc to register the current date and time. $lastfed = CURRENT_TIMESTAMP; $lastdoc = CURRENT_TIMESTAMP; $query = $db->prepare("INSERT INTO test (`name`, `lastfed`, `lastdoc`, `id`) VALUES

Get the query plan using jdbc PreparedStatement on sql server

阅读更多关于 Get the query plan using jdbc PreparedStatement on sql server

问题 Using Statment, resultSet.getObject returns query plan as xml Connection conn = getConnection(); String query = " SET SHOWPLAN_XML on "; Statement st = conn.createStatement(); boolean execute=st.execute(query); log.info("execute status {} " , execute); query = " SELECT ATMPROFILES.TERMID as COLUMNID, ATMPROFILES.TERMID as COLUMNNAME FROM ATMPROFILES (NOLOCK) " + " WHERE Authprocessname = 'ATMST' " + "ORDER BY ATMPROFILES.TERMID "; ResultSet rs = st.executeQuery(query); while(rs.next()) {

Java: creating a date object from a string and inserting into MySQL

阅读更多关于 Java: creating a date object from a string and inserting into MySQL

Anytime I have to handle dates/times in java it makes me sad I'm trying to parse a string and turn it into a date object to insert in a preparepared statement. I've been trying to get this working but am having no luck. I also get the helpful error message when I go to compile the class. "Exception in thread "main" java.lang.Error: Unresolved compilation problem: The method setDate(int, Date) in the type PreparedStatement is not applicable for the arguments (int, Date)" Eh WTF? Here is the offending code. for(int i = 0; i < flights.size(); i++){ String[] details = flight[i].toString().split(":

mysqli_fetch_assoc() expects parameter / Call to a member function bind_param() errors. How to get the actual mysql error and fix it?

阅读更多关于 mysqli_fetch_assoc() expects parameter / Call to a member function bind_param() errors. How to get the actual mysql error and fix it?

In my local/development environment, the MySQLi query is performing OK. However, when I upload it on my web host environment, I get this error: Fatal error: Call to a member function bind_param() on a non-object in... Here is the code: global $mysqli; $stmt = $mysqli->prepare("SELECT id, description FROM tbl_page_answer_category WHERE cur_own_id = ?"); $stmt->bind_param('i', $cur_id); $stmt->execute(); $stmt->bind_result($uid, $desc); To check my query, I tried to execute the query via control panel phpMyAdmin and the result is OK. Sometimes your mysqli code produces an error like mysqli_fetch

Getting rid of SQL injection without using Prepared statement

阅读更多关于 Getting rid of SQL injection without using Prepared statement

问题 My application has a lot of JDBC queries written using Statement and is thus vulnerable to SQL injection. Unfortunately this application was developed around 10 years back and probably developers didn't know about Prepared statement. I know that the best way to solve this problem is to use PreparedStatement but it is very tedious to convert it throughout the application. Also, writing any sort of Patten matching for SQL injection could be very tricky as keywords like Select, insert, union,

MySQL Prepared Statement - How to Loop Through

阅读更多关于 MySQL Prepared Statement - How to Loop Through

问题 I have a table filled with ID numbers, which I need to loop through, and use as variables in a prepared statement. I do not know if I need to use a stored procedure for this, or if a regular query can do it. Here is a simple example. SELECT id from var_list; loop through @ID = var_list.id .... SET @s1 = "SELECT * FROM data WHERE id = @ID"; PREPARE stmt1 FROM @s1; EXECUTE stmt1; DEALLOCATE PREPARE stmt1; As mentioned in the comment, I just need this to export some data, I have about 50-100 ID

PostgreSQL syntax error in parameterized query on “date $1”

阅读更多关于 PostgreSQL syntax error in parameterized query on “date $1”

问题 Trying to parameterize my SQL queries (using libpq function PQexecParams), I was stuck on a syntax error: SELECT date $1 The error is: ERROR: syntax error at or near "$1" 回答1: Prepared statements The explanation for this can be found in the chapter Constants of Other Types of the manual: The :: , CAST() , and function-call syntaxes can also be used to specify run-time type conversions of arbitrary expressions, as discussed in Section 4.2.9. To avoid syntactic ambiguity, the type 'string'