prepared-statement

Go sql - prepared statement scope

允我心安 submitted on 2019-12-02 02:47:13
I'm building an API using the Go (1.6.x) sql package along with Postgres (9.4). Should my prepared statements have application or request scope? Having read the docs, it would seem more efficient to scope them at the application level to reduce the number of preparation phases. However, perhaps there are other considerations and prepared statements are not designed to live that long? Prepared statements are so that you can execute repetitive SQL commands which may only differ in parameter values, for example. They are not meant to live "long" as a prepared statement may (they do if called

why do I get a syntax error for prepared statement? [duplicate]

点点圈 submitted on 2019-12-02 02:24:21
This question already has an answer here: preparedStatement syntax error (2 answers). I have written a prepared statement but it's giving a syntax error at ?. I am not able to understand what's wrong. It should pass a movie name and get the result as directors of that movie: stmt = getConnection().createStatement(); String sql = "SELECT directors FROM moviedata WHERE moviedata.title = ?"; PreparedStatement preparedStatement = conn.prepareStatement(sql); preparedStatement.setString(1, movieName); rs = preparedStatement.executeQuery(sql); The problem is here: rs = preparedStatement.executeQuery(sql); You shouldn

SQL 1064 Syntax Error using a JDBC prepared statement

扶醉桌前 submitted on 2019-12-02 01:48:34
I have: String query = "INSERT INTO Basestations VALUES(?, ?, ?, ?, ?, ?, ?," + "?, ?, ?, ?, ?, ?, ?, ?)"; PreparedStatement prep = conn.prepareStatement(query); prep.setInt(1, profile.getNetworkId()); prep.setInt(2, profile.getBaseStationId()); prep.setInt(8, profile.getLoadLevel()); prep.setInt(11, profile.getPositionX()); prep.setInt(12, profile.getPositionY()); prep.setInt(13, profile.getPort()); prep.setDouble(3, profile.getSignalStrength()); prep.setDouble(4, profile.getFrequency()); prep.setDouble(6, profile.getMaxBitrate()); prep.setDouble(7, profile.getGuaranteedBitrate()); prep

condition for creating a prepared statement using cfqueryparam?

假如想象 submitted on 2019-12-02 01:37:20
Does cfquery become a prepared statement as long as there's one cfqueryparam? Or are there other conditions? What happens when the ORDER BY clause or FROM clause is dynamic? Would every unique combination become a prepared statement? And what happens when we're doing cfloop with INSERT, with every value cfqueryparam'ed, and invoke the cfquery with different numbers of iterations? Any potential problems with too many prepared statements? How does the DB handle prepared statements? Will they be converted into something similar to stored procedures? Under what circumstances should we not use prepared

How to use mysqli::bind_param with an array as the second parameter

时光毁灭记忆、已成空白 submitted on 2019-12-02 01:11:33
Question: This query is supposed to insert a new user into the 'users' table: $user = DB::getInstance()->insert('users', array( 'username' => 'jim', 'password' => 'pass', 'salt' => 'salt' ) ); Corresponding insert(): public function insert($table, $fields = array()) { if (count($fields)) { $keys = array_keys($fields); $values = null; $x = 1; foreach ($fields as $field) { $values .= "?"; if ($x < count($fields)) { $values .= ', '; } $x++; } $sql = "INSERT INTO users (`" . implode('`,`', $keys) . "`)

Java PreparedStatement setString changes characters

荒凉一梦 submitted on 2019-12-01 23:55:11
Question: As in the title: to be sure, I was debugging my application, and so in the line where I put strings into the PreparedStatement variable, special characters are changed to "?". I actually don't know where to search for things that should repair it, so I don't know if code is required. Anyway, I'll put some here: PreparedStatement stm = null; String sql = ""; try{ sql = "INSERT INTO methods (name, description) VALUES (?, ?)"; stm = connection.prepareStatement(sql); stm.setString(1, method.getName()); stm.setString(2, method.getDescription()); //... }catch(Exception e){} while debugging the 'name' field was

Does pg_prepare() prepared statement (not PDO) prevent SQL-Injection?

依然范特西╮ submitted on 2019-12-01 22:15:25
PDO is not supported on the target system I'm working on, and so I seek a solution for preventing SQL injection using PHP 5.1.x on a Postgres DB 8.2+. There is at the moment no chance of switching to PDO. My solution at the moment is a pg_prepare prepared statement: // Trying to prevent SQL-Injection $query = 'SELECT * FROM user WHERE login=$1 and password=md5($2)'; $result = pg_prepare($dbconn, "", $query); $result = pg_execute($dbconn, "", array($_POST["user"], $_POST["password"])); if (pg_num_rows($result) < 1) { die ("failure"); } But the pg_prepare documentation lacks an important
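The two questions above that are really about how prepared statements behave (the Go scope question at the top of this page and this pg_prepare question) can both be answered by watching what actually reaches the database. The following is an added example, not code from any of the posts or from the Go, PHP or Postgres projects: it registers a stub database/sql driver that records every Prepare call and the statement text plus bound parameters the "server" receives. The table, column and user names are made up. It shows that an application-scoped *sql.Stmt is prepared once and executed many times while a per-request db.QueryRow re-prepares every call, and that a bound parameter such as "' OR '1'='1" never becomes part of the SQL text, whereas the concatenated form does.

```go
// Added example: stub database/sql driver that records what the server sees.
package main

import (
	"database/sql"
	"database/sql/driver"
	"errors"
	"fmt"
	"io"
	"sync"
)

// recorder stands in for the database server's view of the traffic.
type recorder struct {
	mu       sync.Mutex
	prepares int      // Prepare calls received
	lastSQL  string   // text of the last executed statement
	lastArgs []string // bound parameters of the last executed statement
}

func (r *recorder) reset() { r.mu.Lock(); defer r.mu.Unlock(); r.prepares, r.lastSQL, r.lastArgs = 0, "", nil }
func (r *recorder) count() int { r.mu.Lock(); defer r.mu.Unlock(); return r.prepares }
func (r *recorder) last() (string, []string) { r.mu.Lock(); defer r.mu.Unlock(); return r.lastSQL, r.lastArgs }

var rec = &recorder{}

type stubDriver struct{}
type stubConn struct{}
type stubStmt struct{ query string }
type stubRows struct{ done bool }

func (stubDriver) Open(string) (driver.Conn, error) { return stubConn{}, nil }

// Prepare is the only place the statement text is parsed; parameters arrive later.
func (stubConn) Prepare(q string) (driver.Stmt, error) {
	rec.mu.Lock()
	defer rec.mu.Unlock()
	rec.prepares++
	return stubStmt{query: q}, nil
}
func (stubConn) Close() error              { return nil }
func (stubConn) Begin() (driver.Tx, error) { return nil, errors.New("not supported") }

func (stubStmt) Close() error                                 { return nil }
func (stubStmt) NumInput() int                                { return -1 } // -1: skip placeholder-count check
func (stubStmt) Exec([]driver.Value) (driver.Result, error)   { return nil, errors.New("not supported") }
func (s stubStmt) Query(args []driver.Value) (driver.Rows, error) {
	rec.mu.Lock()
	defer rec.mu.Unlock()
	rec.lastSQL, rec.lastArgs = s.query, nil
	for _, a := range args {
		rec.lastArgs = append(rec.lastArgs, fmt.Sprint(a)) // values travel separately from the SQL text
	}
	return &stubRows{}, nil
}

func (*stubRows) Columns() []string { return []string{"login"} }
func (*stubRows) Close() error      { return nil }
func (r *stubRows) Next(dest []driver.Value) error {
	if r.done {
		return io.EOF
	}
	r.done = true
	dest[0] = "alice" // constructed single row
	return nil
}

func init() { sql.Register("stub", stubDriver{}) }

func openStub() *sql.DB {
	db, err := sql.Open("stub", "")
	if err != nil {
		panic(err)
	}
	db.SetMaxOpenConns(1) // one connection, so a Stmt is never re-prepared for a second conn
	return db
}

const lookupSQL = "SELECT login FROM users WHERE login = $1" // hypothetical table

// prepareCounts runs n lookups through an application-scoped *sql.Stmt, then n
// through db.QueryRow, and returns how many Prepare calls each approach caused.
func prepareCounts(n int) (appScoped, perRequest int, err error) {
	db := openStub()
	defer db.Close()

	rec.reset()
	stmt, err := db.Prepare(lookupSQL) // prepared once, reused for every request
	if err != nil {
		return 0, 0, err
	}
	defer stmt.Close()
	for i := 0; i < n; i++ {
		var login string
		if err := stmt.QueryRow("alice").Scan(&login); err != nil {
			return 0, 0, err
		}
	}
	appScoped = rec.count()

	rec.reset()
	for i := 0; i < n; i++ {
		var login string
		if err := db.QueryRow(lookupSQL, "alice").Scan(&login); err != nil { // prepare+exec+close each time
			return 0, 0, err
		}
	}
	perRequest = rec.count()
	return appScoped, perRequest, nil
}

// serverSees runs one lookup for input, bound as a parameter or concatenated into
// the SQL, and returns the statement text and parameter values the server received.
func serverSees(bind bool, input string) (sqlText string, args []string, err error) {
	db := openStub()
	defer db.Close()
	rec.reset()
	var login string
	if bind {
		err = db.QueryRow(lookupSQL, input).Scan(&login)
	} else {
		// vulnerable: user-controlled input becomes part of the statement itself
		err = db.QueryRow("SELECT login FROM users WHERE login = '"+input+"'").Scan(&login)
	}
	sqlText, args = rec.last()
	return sqlText, args, err
}

func main() {
	app, per, _ := prepareCounts(100)
	fmt.Printf("prepares: app-scoped stmt=%d, per-request=%d\n", app, per)
	for _, bind := range []bool{true, false} {
		text, args, _ := serverSees(bind, "' OR '1'='1")
		fmt.Printf("bind=%v sql=%q args=%q\n", bind, text, args)
	}
}
```

With the bound form the server receives the unchanged text `SELECT login FROM users WHERE login = $1` and the payload only as a value, which is why pg_prepare/pg_execute (and Go's placeholders) stop injection into values; the concatenated form ships `... WHERE login = '' OR '1'='1'` as the statement. The prepare counter also shows why the Go question's instinct is right: one application-scoped statement costs one Prepare per connection, while passing placeholders to db.QueryRow costs a Prepare per call on drivers without a native query path.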

Why do I get this function call error on a non-object when I am calling a function on an object?

浪子不回头ぞ submitted on 2019-12-01 22:07:44
Error: Fatal error: Call to a member function bind_param() on a non-object in /var/www/web55/web/pdftest/events.php on line 76. Code: public function countDaysWithoutEvents(){ $sql = "SELECT 7 - COUNT(*) AS NumDaysWithoutEvents FROM (SELECT d.date FROM cali_events e LEFT JOIN cali_dates d ON e.event_id = d.event_id WHERE YEARWEEK(d.date) = YEARWEEK(CURRENT_DATE()) AND c.category_id = ? GROUP BY DAY(d.date) ) AS UniqueDates"; $stmt = $this->link->prepare($sql); $stmt->bind_param('i', $this->locationID); $stmt->execute(); $stmt->bind_result($count); $stmt->close(); return $count; } $this->link-