0
$city = "Amersfoort";

if ($stmt = $mysqli->prepare("SELECT District FROM City WHERE Name=?")) {
    $stmt->bind_param("s", $city);
    $stmt->execute();
    $stmt->bind_result($district);
    $stmt->fetch();
    printf("%s is in district %s\n", $city, $district);
    $stmt->close();
}

This brings many questions:
- What is s on the line 4? Do I need to bother with that?
- What if I needed two conditions on SQL query? SELECT something FROM table WHERE x=? OR y=??
- Why bind_param("s", $city) and not bind_param("daniweb", $city)? How does that affect query anyhow if the only usage is below when echoing?

I've been told to used "bind params" in other topic on here. But I don't understand it.

Edited by Aeonix

4
Contributors
9
Replies
52
Views
1 Year
Discussion Span
Last Post by diafol
2

Hi, CEREAL posted while I was typing, but expanding what he already said ...

Considering your first query:
$stmt = $mysqli->prepare("SELECT District FROM City WHERE Name=?")
you use bind_param to state that the first parameter (the ? in the query) type is a string ("s") and the value of that string is $city.
$stmt->bind_param("s", $city);

If there are multiple parameters like in your second query:
$stmt = $mysqli->prepare("SELECT something FROM table WHERE x=? OR y=?")
you extend the bind_param statement:
$stmt->bind_param("si", $x, $y);
This defines the first parameter as a string with the value $x and the second parameter is an integer with the value $y

See http://php.net/manual/en/mysqli-stmt.bind-param.php for more details and a list of the 4 parameter types.

Note (I have added backticks ` to your query to ensure the table name and field names are recognised as such. This prevents trouble if one of these names is the same as one of the 'special words' (see: http://dev.mysql.com/doc/refman/5.6/en/replication-features-reserved-words.html ).

0

Read the documentation to see the data types you can define: http://php.net/manual/en/mysqli-stmt.bind-param.php

Once again, I've been to manuals, this is where I got this example from :D

But yea, I see now, in bind_param I define the types in first string, and then pass the references for each as argument.

But what is $stmt->bind_result($district); does it just store result in $district?

Is this correct:

    $stmt = $mysqli->prepare("SELECT * FROM `members` WHERE username=? OR email=?");
    $stmt->bind_param("ss", $username, $email);
    $stmt->execute();

    if ($stmt->num_rows > 0) {
        echo "User found!"
    }
    $stmt->close();

?

Edited by Aeonix

0

But what is $stmt->bind_result($district); does it just store result in $district?

Yes, but only for the current result pointer.

Is this correct:

You have to store the result, otherwise you get 0.

Edited by cereal

0
$stmt = $dbconn->prepare("SELECT * FROM `members` WHERE username=? AND password=?");
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$dbresult = $stmt->fetch();
echo $dbresult; // null
$stmt->close();

Any ideas? I think I store variable, but I don't apparently... could you lend me a hand? ;)

Edited by Aeonix

0

var_dump($stmt->fetch()) returns true. LOL. No s#!t Sherlock!

How do I bind resulted array into the bind_param so far rifling through internet forces me to create external function. But there must be smaller way.

mysqli_stmt::get_result() and many others are "called to undefined method"...

Edited by Aeonix

0

This is why I use PDO for general stuff :)

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.