$city = "Amersfoort"; if ($stmt = $mysqli->prepare("SELECT District FROM City WHERE Name=?")) { $stmt->bind_param("s", $city); $stmt->execute(); $stmt->bind_result($district); $stmt->fetch(); printf("%s is in district %s\n", $city, $district); $stmt->close(); } This brings many questions: - What is `s` on the line 4? Do I need to bother with that? - What if I needed two conditions on SQL query? `SELECT something FROM table WHERE x=? OR y=?`? - Why `bind_param("s", $city)` and not `bind_param("daniweb", $city)`? How does that affect query anyhow if the only usage is below when echoing? I've been told to used "bind params" in other topic on here. But I …

Member Avatar
Member Avatar
+0 forum 9

Hello, I'm trying to insert values from a form to a table (employee) on my database using prepared statements. From what I can tell the connections are fine, am able to query the database (as shown in the code to check the user type of the current logged in user). My code follows all the tutorials ive read on many sites including posts on here. Yet I keep getting this error - "The method setInt(int, String) is undefined for the type Statement", also error occurs for setString. Any help with this would be much appreciated. JSP Connection Code [CODE] <% …

Member Avatar
Member Avatar
+0 forum 8

Hi All, I have problem while using prepared statements. i have a "Select" query in a xml & i m reading it through XML parser & supplying inputs throughs prepared statements. When i execute i am not getting desired results. Below is the snippet : String res=query (query is String i am getting from xml file) eg : Select * from sometable where load_date=(?) and site_num = (?) PreparedStatement pstmt = connection.prepareStatement(res); pstmt.setString(1, load_date); pstmt.setString(2, site_num); rows = pstmt.executeQuery(); I GET NO ERRORS NOTHING>>>>

Member Avatar
+0 forum 0

Since no one answered to my previous thread about a similar issue I rephrase the problem and try my luck again :) I have rather recently started working with prepared MySQLi-statements in php. From what I've learned is it supposed to be much more effective and secure so I've tried to adapt it to my projects as much as possible. The thing that always annoyed me with this technique is that I cannot figure out how to use it in the way you could without prepared statements to easily print out database information. I'm talking about this method: [CODE] $result …

Member Avatar
+0 forum 0

Hye I have a question: Suppose I use JDBC, JDBCTemplate in order to execute a sql query. The query is something like: query = "SELECT ... FROM ... WHERE user = ? AND password = ? AND x='valuex' AND y='valuey' ..." Where user,password - I got from the web user - so I want it to be in a PreparedStatement. But x,y,... (Suppose there are many variables like this) are values which I set their values myself at the code (e.g. constants), so there is no use for PreparedStatement on them. Is there a way I can combine the two …

Member Avatar
Member Avatar
+0 forum 6

The End.