Re: Prepared Statements - Select - Bind Parameters w/ correction

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ethan,

Please accept my apologies for the minor errors in the untested code I previously provided for your edification.
Consider the following tested code:

<?php
/*
CREATE TABLE test (id INT UNSIGNED PRIMARY KEY AUTO_INCREMENT, data INT UNSIGNED);
    INSERT INTO test (data) VALUES (123),(124),(125);
*/

    // Faking a POST for testing
    $_POST = array(
        'id' => "1",
        'data' => "123"
    );

    // Don't forget to put your mysql configuration here
    $mysql_host = 'localhost';
    $mysql_user = 'user';
    $mysql_password = 'password';
    $mysql_database = 'test';
$dbh = mysqli_connect( $mysql_host, $mysql_user, $mysql_password, $database );
    if( !$dbh )
        die( 'Connect failed: ' . mysqli_connect_error() . PHP_EOL );

// Configure the query and the acceptable params to put into the WHERE clause
    $q = 'SELECT * FROM test WHERE 1';
    $allowed_fields = array(
        'data' => 'i',
        'id' => 'i'
    );

    // Magically put everything together
    $types = '';
    $args = array();
    foreach( $allowed_fields as $k => $type )
    {
        if( !array_key_exists( $k, $_POST ) )
            continue;

        $args[] = &$_POST[$k]; // Note the addition of the ampersand here
        $types .= $type;
        $q .= " AND ($k = ?)";
    }

    // For debugging and demonstration
    echo 'Query: ' . $q . PHP_EOL;
    echo 'Bind types: ' . $types . PHP_EOL;
    echo 'Arguments:' . PHP_EOL;
    print_r($args);

    $stmt = mysqli_prepare( $dbh, $q );
    if( !$stmt )
        throw new Exception( 'Error preparing statement' );

// Put the statement and types variables at the front of the params to pass to mysqli_stmt_bind_param() array_unshift( $args, $stmt, $types ); // Note that I've moved this call. Apparently it doesn't pass back the result. I guess sometimes I just forget these things.

    // mysqli_stmt_bind_param()
    if( !call_user_func_array( 'mysqli_stmt_bind_param', $args ) )
        throw new Exception( 'Failed calling mysqli_stmt_bind_param' );

    if( !mysqli_stmt_execute( $stmt ) )
        throw new Exception( 'Error while executing statement' );
    mysqli_stmt_bind_result( $stmt, $id, $data );

    while( mysqli_stmt_fetch($stmt) )
        printf( "%d %d\n", $id, $data );

    mysqli_stmt_close( $stmt );
    mysqli_close( $dbh );

/////// end code snippet


I would recommend you consider Jim Giner's remarks as well. PHP's error message was giving you exactly what you needed to solve the problem with the code I gave you. There is even a note about using call_user_func_array() in the documentation about mysqli_stmt_bind_param(). In fact, the first example in the comments on the mysql_stmt_bind_param() page shows one way of solving the issue you are having. (http://php.net/manual/en/mysqli-stmt.bind-param.php)

I think you will find people a lot more willing to help if you can show that you've done basic research like looking at the documentation for the function you are trying to use :-)

If you don't understand references, I would recommend reading about them: http://php.net/manual/en/language.references.php


-Matt

On 09/27/2012 09:40 AM, Ethan Rosenberg, PhD wrote:
Dear list -

SEE CORRECTION IN $_POST VARIABLE BELOW.

Thanks to all for your help.

I hope [??] that this question will solve all the remaining problems.

So that we are on the same page, here is what was previously stated.

mysqli_stmt_bind_param expects three variables, in this order ---- mysqli_stmt_bind_param($stmt, "num", $a, $b, $c)
    Where stmt is the query w/ the ?? that is

SELECT Site, MedRec, Fname, Lname, Phone, Height, Sex, Hx, Bday, Age FROM Intake3 where 1 AND (Site = ?) AND (MedRec = ?) AND (Sex = ?) and num is the number and type of variables is the query, in this case 'sis'

$a $b and $c are the variables to be inserted, in this case:
    $a = $_POST['Site'];
    $b = $_POST['MedRec'];
    $c = $_POST['Sex'];

As I seem to have found, the variables cannot be a string or components of an imploded array.

This is a search function that will take patient supplied data and search the Intake database to determine the Medical Record Number. There are nine variables in the database, and I never know which variables the patient will give.

Based on the database, it is easy to set up the correspondence. The database is searched in the order of the correspondence and the letters can be
immediately determined...


   $a = $_POST['Site']

   $b = $_POST['MedRec']

   $c = $_POST['Fname']

   $d = $_POST['Lname']

   $e = $_POST['Phone']

   $f = $_POST[Height']

   $g = $_POST['Sex']

   $h = $_POST['Hx']

   $i = $_POST['Bday']

   $i = $_POST['Age']  <----- Corrected


The challenge is to be able to dynamically select the variables that will go intomysqli_stmt_bind_param.

Advice and help, please


Ethan



--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux