mysqli_stmt_bind_param question

on 04.04.2008 15:41:27 by Jason Pruim

Hi Everyone,

I have a MySQL database that I am accessing from PHP. The table in
question has an auto increment field on it and I don't want to include
that in my add/edit/update queries to the database... But I can't seem
to figure out how to ignore it? Everything I have done seems to fail..
I am using prepared statements so I'm not sure if that is it, but I
would like to keep using them since it reduces the security issues a
little... Here is the code from one of my prepared statements:

//Create the statement
mysqli_stmt_prepare($stmt, "INSERT INTO legionCurrent VALUES
( ?,?,?,?,?,?,?,?)");
mysqli_stmt_bind_param($stmt, 'ssssssss', $FName, $LName, $Add1,
$Add2, $City, $State, $Zip, $XCode)or die(mysqli_error($addlink));
//Add the record
mysqli_stmt_execute($stmt) or die(mysqli_error($addlink));

Here is the error I get in my logs:

[Fri Apr 4 09:35:32 2008] [error] PHP Warning:
mysqli_stmt_bind_param() [function.mysqli-stmt-bind-param]: invalid object or
resource mysqli_stmt\n in /Volumes/RAIDer/webserver/Documents/dev/
OLDBv2/add.php on line 91

Line 91 is the mysqli_stmt_bind_param() line above

My database structure looks like this:

| FName | LName | Add1 | Add2 | City | State | Zip | XCode | Reason | Record

I know there is a way to do it, but all my searching and reading hasn't
told me anything... I've looked in the php manual, and mysql, plus
various websites... and I just can't figure this one out... RTFM's are
appreciated, as long as M is defined! :)

Thanks for taking the time to look!



--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
japruim@raoset.com





Re: mysqli_stmt_bind_param question

on 04.04.2008 20:35:21 by krister.karlstrom

Hi!

First of all you must connect to the server and then perform an init to
get a statement. Maybe you dropped that code out here... Please have a
look at the manual page:

http://www.php.net/manual/en/function.mysqli-stmt-prepare.php

In order to get the result you also need to bind the result to a
variable and then fetch the data.

I'll guess that your error comes from an unsuccessful initialization of
your prepared statement.

If you don't want to include your primary key column that is
autogenerated you just ignore it. That means to write a proper query like:

INSERT INTO legionCurrent (column_1, column_2, ...)
VALUES (?,?,...)

I would also like to propose for you to use the object oriented style,
since it's more readable and easier to get an overview of. You also
don't need to mess around with so many parameters.

Greetings,
Krister Karlström, Helsinki, Finland

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
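
Added example, not part of the original posts: the procedural mysqli sequence the reply above describes (init, prepare with a named column list, bind, execute), with the prepare result checked before binding and errors written to the server log rather than printed to the visitor. The column names come from the thread; the connection details, the sample row, the function name and the assumption that Record is the auto-increment column while Reason is nullable are placeholders.

```php
<?php
mysqli_report(MYSQLI_REPORT_OFF); // return false on failure (PHP 8.1+ throws by default)

// Assumption: Record is the auto-increment key and Reason is nullable or has a
// default, so neither needs a value. Returns the new id, or false on failure.
function add_legion_record(mysqli $link, array $row)
{
    $stmt = mysqli_stmt_init($link);

    // Naming the target columns is what lets the INSERT leave out Reason and
    // Record; eight placeholders with no column list do not fit a ten-column table.
    $sql = "INSERT INTO legionCurrent
                (FName, LName, Add1, Add2, City, State, Zip, XCode)
            VALUES (?,?,?,?,?,?,?,?)";

    // Check the prepare before binding. Binding to a statement that never
    // prepared is what produces "invalid object or resource mysqli_stmt".
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        error_log('prepare failed: ' . mysqli_error($link));
        return false;
    }

    mysqli_stmt_bind_param($stmt, 'ssssssss',
        $row['FName'], $row['LName'], $row['Add1'], $row['Add2'],
        $row['City'], $row['State'], $row['Zip'], $row['XCode']);

    if (!mysqli_stmt_execute($stmt)) {
        error_log('execute failed: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return false;
    }

    $id = mysqli_insert_id($link); // value MySQL generated for the auto-increment column
    mysqli_stmt_close($stmt);
    return $id;
}

// Placeholder credentials and a constructed sample row.
$link = mysqli_connect('localhost', 'db_user', 'db_password', 'db_name');
if (!$link) {
    error_log('connect failed: ' . mysqli_connect_error());
    exit(1);
}
$id = add_legion_record($link, array(
    'FName' => 'Ada', 'LName' => 'Example', 'Add1' => '1 Sample St', 'Add2' => '',
    'City' => 'Holland', 'State' => 'MI', 'Zip' => '00000', 'XCode' => 'X1',
));
echo $id === false ? "insert failed, see error log\n" : "inserted record $id\n";
```
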

Re: mysqli_stmt_bind_param question

on 04.04.2008 20:52:49 by Jason Pruim

Hi Krister,

On Apr 4, 2008, at 2:35 PM, Krister Karlström wrote:
> Hi!
>
> First of all you must connect to the server and then perform an init
> to get a statement. Maybe you dropped that code out here... Please
> have a look at the manual page:
>
> http://www.php.net/manual/en/function.mysqli-stmt-prepare.php
>
> In order to get the result you also need to bind the result to a
> variable and then fetch the data.
>
> I'll guess that your error comes from an unsuccessful initialization
> of your prepared statement.
>
> If you don't want to include your primary key column that is
> autogenerated you just ignore it. That means to write a proper query
> like:
>
> INSERT INTO legionCurrent (column_1, column_2, ...)
> VALUES (?,?,...)

I was not aware with prepared statements you could do it that way...
Thank you! Once I added that it worked like a charm! Not quite sure
how I missed that on the manual page though...

>
>
> I would also like to propose for you to use the object oriented
> style, since it's more readable and easier to get an overview of.

I have never been able to understand OO code... For me the procedural
code is much easier to read.



> You also don't need to mess around with so many parameters.

What do you mean by this?

>
>

--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
japruim@raoset.com





Re: mysqli_stmt_bind_param question

on 04.04.2008 21:03:31 by krister.karlstrom

Hi again Jason!

Jason Pruim wrote:

> On Apr 4, 2008, at 2:35 PM, Krister Karlström wrote:
>>
>> You also don't need to mess around with so many parameters.
>>
> What do you mean by this?

Since you're working in object context you mostly just refer to your
"variable" with the name of the object and then call the method with the
arrow -> operator. But anyway, if you're not familiar with object
orientation then I think there's no point for me to go into this discussion
right now... :-)

On the manual page, to which I posted a link to you in my previous post,
there's the same code in both procedural style and in object oriented
style. I think you'll get the point by comparing those two examples.

Greetings,
Krister Karlström, Helsinki, Finland

--
* Ing. Krister Karlström, Zend Certified Engineer *
* Systemutvecklare, IT-Centralen *
* Arcada - Nylands Svenska Yrkeshögskola *
* Jan-Magnus Janssons plats 1, 00550 Helsingfors, Finland *
* Tel: +358(20)7699699 GSM: +358(50)5328390 *
* E-mail: krister.karlstrom@arcada.fi *
