Questions tagged [prepared-statement]

A Prepared Statement (or parameterized statement) is a precompiled SQL statement that serves to improve performance and mitigate SQL injection attacks. Prepared statements are used in many popular Relational Database Management Systems.

0 votes, 0 answers, 28 views

PHP not selecting any value from mysql using prepared statement

I am working on a php+mysql re-write of the KDE konquest game, with a bunch of added changes. At the moment I'm rather at the beginning, with the registration working (Checked, users are being ...
-2 votes, 0 answers, 12 views

Fatal error: Call to a member function prepare() on null please help :( [duplicate]

I keep getting this error. Fatal error: Call to a member function prepare() on null in /usr/local/www/apache24/data/include/classes/news.php on line 119 Please help :( here's the code <?php ...
0 votes, 0 answers, 18 views

pg_prepare problem with string parameters

I am having a problem with getting results from prepared statements in postgres. My pg_prepare query is "SELECT username, firstname, lastname FROM myProject.myProject_users WHERE username = $1 AND ...
0 votes, 0 answers, 35 views

PHP prepared statements return null when selecting multiple table

Currently using Slim PHP to do prepared statement. I am able to retrieve when my query is select * FROM doctor However, once I change to select * FROM doctor d, user u where d.doctor_nric=u....
1 vote, 2 answers, 28 views

Get SQL table data for current month using prepared statement PHP

Here is a code which I am using to get current month data from table wp_formdata HTML : <div class="result" id="result" name="result"> <?php echo $head1; ?> <?php echo $...
0 votes, 1 answer, 21 views

mysqli_stmt_execute() Error : execute() expects exactly 0 parameters, 1 given

I am trying to save data from a html form into database wordpress table : wp_testdb using Prepared Statements method. But I am getting error against line mysqli_stmt_execute(); Warning: ...
-1 votes, 0 answers, 23 views

HTTP Error 500 using PHP to Cpanel MySQL database [duplicate]

I've looked everywhere and I can't seem to find help. I got a code from a guy on YouTube, as I don't know PHP just yet, I followed his exact instructions but to no success. I need a PHP code that ...
-2 votes, 1 answer, 30 views

How can I change this code into PHP prepared statements [on hold]

This is a code that I made a pagination to display my gallery from the database. Now I need to convert this code into Prepared Statements, I am new to a prepared statement. I am really confused how to ...
0 votes, 0 answers, 25 views

Normal SQLi statement to Prepared Statement Troubleshoot

I've been trying (to no end) to convert the following normal SQLi statement & after hours of trying I'm still not able to see where I'm going wrong. The statement is as follows: $get_comments =...
0 votes, 1 answer, 24 views

How to 'order by' prepared select statement without making a second search

Is there a way to order the prepared sql without preparing another select? $stmt = $conexao->stmt_init(); $stmt->prepare("SELECT * FROM esc_usuarios WHERE usu_codigo = ?"); $stmt->bind_param(...
-1 votes, 1 answer, 45 views

Passing date sql type in prepared statement with PDO

I'm using 000webhost to host my website. I'm trying to implement this flow: Receive file about a given date and shift; Delete any information about that date and shift that exists in the database; ...
1 vote, 1 answer, 15 views

error { error: bind message supplies 11 parameters, but prepared statement “” requires 12

I have created post api but not able to figure out why am I getting this error ? Any suggestion for what I need to change in my query? Query : router.post('/bills', function(req, httpres, next) { ...
-2 votes, 1 answer, 37 views

Converting a normal SQLi statement containing LIKE to a prepared statement [closed]

I have the following code that has wildcard LIKE statements in the queries. My understanding is that the bind parameters need to be declared as variables before the statement and not within. I've ...
0 votes, 1 answer, 34 views

Converting normal Search SQL statement with % to prepared statement

I have the following code that I'm attempting to convert to a prepared statement: $query = mysqli_query($con,"SELECT * FROM users WHERE friend_array LIKE '$username,%' OR friend_array LIKE '%,$...
0 votes, 0 answers, 22 views

$wpdb->prepare throws error in a WordPress backend PHP script

I am working on a PHP backend script for my WordPress site to update a database table when a user submits a form. It is throwing an error at the line with $wpdb->prepare. Fatal error: Uncaught ...
2 votes, 0 answers, 32 views

Errorproof prepared statements with PHP [duplicate]

I am trying to understand how error handling in prepared statements in procedural PHP style should work. According to the documentation, mysqli_prepare and mysqli_stmt_execute output the boolean ...
0 votes, 2 answers, 35 views

Converting a normal OOP SQLi statement to a Prepared Statement

I have the following normal User class statement that I'm trying to convert to a prepared statement. public function didReceiveRequest($user_from) { $user_to = $this->user['username']; $...
0 votes, 0 answers, 55 views

How do I properly delete in Java mysql?

I am at wits end with a Java web app that will not run a delete in Mysql. I get no errors, and when I copy and paste my query into the Mysql workbench, it does what it is supposed to. SELECT and ...
0 votes, 2 answers, 31 views

Sending data to DB using Ajax in Jquery

I'm trying to send data to the database using a button called hide or show. When I click hide it displays user information, and show does the opposite. The jQuery I have for this is as follows: $(...
0 votes, 1 answer, 26 views

Binding parameters for inserting constants in query?

Using bound parameters (using ?) in Prepared Statement is a popular strategy for inserting parameters in SQL queries at runtime. My question is, should this strategy be used for inserting constants ...
0 votes, 0 answers, 36 views

skip image update if empty [duplicate]

I have a problem updating image with php, in case of no changes I want old image to remain in the database. The following code updating new image but if I make no changes it's deleting old image. $ID = $...
0 votes, 0 answers, 27 views

PDO ignore quotes in col names [duplicate]

I'm building a php api that edits some information for an account. Here's an example of my code (not the real code but something shorter) : $interrogations ="?=?, ?=?, ?=?"; //auto generated $...
1 vote, 1 answer, 42 views

mysqli prepare statement error “MySQL server has gone away”

I'm struggling to make the jump from Procedural to Object Orientated style so if my code is untidy or flawed please be nice - here I'm passing a couple of posts via jQuery to a class to update a ...
0 votes, 1 answer, 35 views

Oracle Java Prepared Statement Insert if not exists

I have a problem with Java PreparedStatement and Oracle. In short I want to create a Batch Insert using Java in my Oracle DB. I try to do it with this code: PreparedStatement preparedStmt = ...
0 votes, 0 answers, 16 views

Unknown column and Undefined index [duplicate]

Could you guys help me with this code, please connects perfectly to mysql and reads the json file but show that also in json parse see array (array[0]... require_once('conn_v2_1.php'); $json = ...
0 votes, 0 answers, 26 views

HIVE JDBC BatchUpdate using INSERT Overwrite

I have a hive table emp with a date partition and I wish to overwrite the partition every time I do an insert. I'm using JDBC batchUpdate and the hive's insert overwrite. The issue is that whenever ...
0 votes, 0 answers, 30 views

Need advice on how to add data from html form to database [duplicate]

I have no idea what I'm doing wrong, keeps on saying HTTP 500 error. I am trying to make a registration form for businesses. have to add: referral, business name, industry, street Address 1, street ...
0 votes, 0 answers, 33 views

Poor performances with an sp_prepexec query on indexed fields, why?

I use SQL Server 2012. I have a table with 1 500 000 individuals. In this table, I have a non-clustered indexed field UR_ID. The application I work with selects data from my individual table. It ...
-3 votes, 1 answer, 46 views

How to pass a mySQLi prepared statement to a function [closed]

I have a mySQLi prepared statement and a function I want to pass it to to check to see if the input meets the right format before executing it. I have determined in my actual code that if I move the $...
0 votes, 1 answer, 29 views

Best way to get result of prepared MySQL statement with maximum of one row

I usually use this code to read/get the result of a prepared MySQL SELECT: $sqlname = $conn->prepare("SELECT name FROM test1 WHERE test2 = ?"); $sqlname->bind_param('s',$test); $sqlname->...
1 vote, 2 answers, 42 views

Dynamic variable in executeUpdate (Java)

I have the following connection, statement and executeUpdate Connection con = DBConnPool.getInstance().getConnection(); Statement stmt = con.createStatement(); //String str1 ="update node set ...
0 votes, 0 answers, 42 views

How to refactor this SQLite query to prevent SQL Injection

Into a ContentProvider of an Android app (java) I have this SQLiteDatabase query: db.execsql("SELECT " + FormsColumns._ID + ", " + FormsColumns.DISPLAY_NAME + ", " + FormsColumns....
2 votes, 1 answer, 33 views

What does the output of PHP function 'mysqli_prepare' mean

I am new to PHP and prepared SQL sentences and I got one question when reading the documentation. Function 'mysqli.prepare' returns a boolean value when executed. According to the documentation: ...
0 votes, 0 answers, 74 views

Unsupported HIVE feature UPDATE xxx SET

I have the following method in Java: public void save() throws SQLException { try (Connection conn = DbHelper.getConnection(); Statement stmt = conn.createStatement()) { try (...
0 votes, 2 answers, 32 views

How can I add records in my database generically?

I am trying to add an object to the database regardless of the properties in the object. For example I have these two class, each goes in its own table. class Movie { public $Id; public $...
1 vote, 2 answers, 41 views

MySQL - How to test user variable and use it in DROP VIEW

I'm new to user variables in MySQL and have run into some errors when trying to use them for anything but a SELECT statement. I'm trying to run a batch job to delete temporary views that are created ...
0 votes, 0 answers, 38 views

Cannot prepare statement for INSERT .. sqlite3

I cannot find why this will not work .. every example I find online uses this construction for preparing the sql string that gets passed to a prepared statement ... but when I do the same the question ...
0 votes, 1 answer, 46 views

Get a specific column of the updated rows

I need to know how to execute an update in JDBC with Oracle database backend and retrieve values for a specific column of the records that have been updated. The column that I am interested in is part ...
0 votes, 3 answers, 45 views

PreparedStatement: Missing expression on single quote (ORA-00936)

I am querying an Oracle database like this: try (Connection c = dataSource.getConnection(); PreparedStatement p = c.prepareStatement( "SELECT * FROM table WHERE column_string = ?")) { ...
1 vote, 2 answers, 29 views

Fatal error: Uncaught PDOException: Column cannot be null (BUT it isn't null…)

I'm getting a fatal error every time my PHP script is run. Despite that, all of the data is still uploaded to the database. When $values[0] is echoed, there are no NULL values as the error states, and ...
0 votes, 2 answers, 19 views

MySQL insert/update a row containing a point type using a prepared statement

I am using a prepared statement to try to insert a new row into the MySQL table and if the index exists perform an update. I am fairly sure that the issue is related to the "point" field labelled "...
0 votes, 0 answers, 56 views

How to check if two columns are same/equal or not?

I'm looking for a way to check if two columns (c1 and c2) which belong to two different tables (t1 and t2) are equal or not. But problem is both the tables (t1 and t2) are in two different databases(...
0 votes, 1 answer, 57 views

Batch Insert for Timeseries table of Informix

I am trying to do Batch Insert for a table in Informix. I tried following code to perform Batch Insert for a normal table. PreparedStatement ps = conn.prepareStatement("insert into tableName (a,b,c,...
0 votes, 0 answers, 23 views

Unsure if my prepare statements are working or not [duplicate]

I am unsure if my prepare statement is working correctly or not. When I fill out my web form, it adds to the database successfully, but is it protected? <?php if(isset($_POST['submit'])) { /* ...
0 votes, 1 answer, 32 views

Creating mySQLi Prepared Statements for a PHP User Class

I have a User class that I created which looks something like this: class User { private $user; private $con; public function __construct($con, $user){ $this->con = $con; ...
1 vote, 2 answers, 35 views

how to fetch results from PDO prepare statement

I am using PDO prepare statement to select result. My index.php is: include('operations.php'); $userprofileobj = new operations(); if(isset($_SESSION['user_email'])) { $results = $userprofileobj->...
-2 votes, 0 answers, 12 views

PHP Prepared Statement Correct Variable Syntax [duplicate]

I'm using a variable in a Prepared Statement for the first time, after getting an error I've searched here and seen several different methods; At the moment I have; $sql ="UPDATE tips SET(tiptitle, ...
0 votes, 1 answer, 38 views

How to ignore a column in SQL updates

I have a program that looks through a User model and adds values to a prepared update statement if they are not null as follows PreparedStatement pst = conn.prepareStatement("UPDATE users SET ...
2 votes, 3 answers, 113 views

Cannot INSERT date with prepared statement

I am trying to do a multi-row INSERT for each day of a given month/year. If the loop runs just once, everything works as expected. If it runs 2 or more times, it throws the below error: SQLSTATE[...
0 votes, 1 answer, 34 views

Java variable update from textfield only works once

I try my hardest to work these things out and rarely have to post but have tried for a week now and cannot figure out why this textfield returns the same string value even after updating it! I am ...