On 12/3/2012 2:30 PM, Ethan Rosenberg, PhD wrote:
Dear List - I am trying to use prepared statements with the following code: $allowed_fields = array ('Cust_Num' => 'i', 'Fname' => 's', 'Lname' => 's', 'Street' => 's','City'=> 's', 'State' => 's', 'Zip' => 'i', 'Phone' => 'i', 'Notes' => 's' ); if(empty($allowed_fields)) { echo "ouch"; } // Configure the query and the acceptable params to put into the WHERE clause $sql12 = 'SELECT * FROM Customers WHERE 1'; // Magically put everything together $types = ''; $args = array(); foreach( $allowed_fields as $k => $type ) { if( !array_key_exists( $k, $allowed_fields ) ) continue; else { if( ($_POST[$k]) != '') { $args[] = &$_POST[$k]; // Note the addition of the ampersand here $types .= $type; $sql12 .= " AND ($k = ?)"; } } } $stmt = mysqli_stmt_init($cxn); mysqli_stmt_prepare( $stmt, $sql12 ); The search fails. This debug code: echo "For debugging and demonstration #1<br />"; echo 'Query: ' . $sql12 . PHP_EOL; echo 'Bind types: ' . $types . PHP_EOL; echo "arguments<br />"; print_r($args); gives the following results: For debugging and demonstration #1 Query: SELECT * FROM Customers WHERE 1 AND (Fname = ?) AND (Lname = ?) AND (Street = ?) AND (City = ?) AND (State = ?) AND (Zip = ?) AND (Phone = ?) Bind types: sssssii arguments Array ( [0] => [1] => [2] => [3] => [4] => [5] => [6] => 845745745 ) If I search the database from the command line, these are the results - mysql> select * from Customers where Phone=845745745; +----------+---------+--------------+--------+--------+-------+-------+-----------+------------+---------------------+------+------+------+ | Cust_Num | Fname | Lname | Street | City | State | Zip | Phone | Date | Notes | P1 | P2 | P3 | +----------+---------+--------------+--------+--------+-------+-------+-----------+------------+---------------------+------+------+------+ | 10016 | okuibtg | uymkibtvgfrc | p7tvgf | Monsey | NY | 127 | 845745745 | 2012-12-01 | tvgfuyholkijuhy | NULL | NULL | NULL | | 10017 | okuibtg | uymkibtvgfrc | p7tvgf | Monsey | NY | 10952 | 845745745 | 2012-12-01 | tvgfuyholkijuhy | NULL | NULL | NULL | | 10018 | okuibtg | uymkibtvgfrc | p7tvgf | Monsey | NY | 32767 | 845745745 | 2012-12-02 | tvgfuyholkijuhy | NULL | NULL | NULL | +----------+---------+--------------+--------+--------+-------+-------+-----------+------------+---------------------+------+------+------+ 3 rows in set (0.00 sec) This is the output routine: if(count($errors_array) == 0) { ?> <center><b>Search Results</b></center><br /> <center> <table border="4" cellpadding="5" cellspacing="55" rules="all" frame="box" style="table-layout: fixed;"> <tr class="heading"> <th>Cust_Num</th> <th>First Name</th> <th>Last Name</th> <th>Street</th> <th>City</th> <th>State</th> <th>Zip</th> <th>Phone</th> <th>Notes</th> <?php $i = 0; do { { $vara2 = array(array($Cust_Num, $Fname, $Lname, $Street, $City, $State, $Zip, $Phone, $Notes)); $vara2[$i][0] = $Cust_Num; $vara2[$i][1] = $Fname; $vara2[$i][2] = $Lname; $vara2[$i][3] = $Street; $vara2[$i][4] = $City; $vara2[$i][5] = $State; $vara2[$i][6] = $Zip; $vara2[$i][7] = $Phone; $vara2[$i][8] = Notes; $_SESSION['exe'] = 2; ?> <tr> <td> <?php echo $vara2[$i][0]?> </td> <td> <?php echo $vara2[$i][1]?> </td> <td> <?php echo $vara2[$i][2]?> </td> <td> <?php echo $vara2[$i][3]?> </td> <td> <?php echo $vara2[$i][4]?> </td> <td> <?php echo $vara2[$i][5]?> </td> <td> <?php echo $vara2[$i][6]?> </td> <td> <?php echo $vara2[$i][7]?> </td> <td class="first-col"><?php echo $vara2[$i][8] ?></td> <?php echo "</tr>\n"; $i = $i + 1; } } while (mysqli_stmt_fetch($stmt)); //end do-while $imax = $i; echo "</table>"; echo "</center>"; echo "</form>"; Help and advice, please. Ethan
What is your question? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php