Asked  7 Months ago    Answers:  5   Viewed   44 times

All the examples I see using mysqli_fetch_object use mysql_query(), I cannot get it to work with prepared statements. Does anyone know what is wrong with this code snippet, as fetch_object returns null.

$sql = "select 1 from dual";
printf("preparing %sn", $sql);
$stmt = $link->prepare($sql);
printf("prepare statement %sn", is_null($stmt) ? "is null" : "created");
$rc = $stmt->execute();
printf("num rows is %dn", $stmt->num_rows);
$result = $stmt->result_metadata();
printf("result_metadata %sn", is_null($result) ? "is null" : "exists");
$rc = $result->fetch_object();
printf("fetch object returns %sn", is_null($rc) ? "NULL" : $rc);
$stmt->close();

The output is:

preparing select 1 from dual
prepare statement created
num rows is 0
result_metadata exists
fetch object returns NULL

 Answers

54

I don't believe the interface works like that.

Going by the documentation and examples (http://www.php.net/manual/en/mysqli.prepare.php) it seems that $stmt->execute() does not return a resultset, but a boolean indicating success / failure (http://www.php.net/manual/en/mysqli-stmt.execute.php). To actually get the result, you need to bind variables to the resultset (aftere the execute call) using $stmt->bind_result (http://www.php.net/manual/en/mysqli-stmt.bind-result.php).

After you did all that, you can do repeated calls to $stmt->fetch() () to fill the bound variables with the column values from the current row. I don't see any mention of $stmt->fetch_object() nor do I see how that interface could work with a variable binding scheme like described.

So this is the story for "normal" result fetching from mysqli prepared statments.

In your code, there is something that I suspect is an error, or at least I am not sure you intended to do this. You line:

$result = $stmt->result_metadata();

assignes the resultset metadata, which is itself represented as a resultset, to the $result variable. According to the doc (http://www.php.net/manual/en/mysqli-stmt.result-metadata.php) you can only use a subset of the methods on these 'special' kinds of resultsets, and fetch_object() is not one of them (at least it is not explicitly listed).

Perhaps it is a bug that fetch_object() is not implemented for these metadata resultsets, perhaps you should file a bug at bugs.mysql.com about that.

Wednesday, March 31, 2021
 
Gilko
answered 7 Months ago
39

yo need create the user "pma" in mysql or change this lines(user and password for mysql):

/* User for advanced features */
$cfg['Servers'][$i]['controluser'] = 'pma'; 
$cfg['Servers'][$i]['controlpass'] = '';

Linux: /etc/phpmyadmin/config.inc.php

Tuesday, July 13, 2021
 
ShadowZzz
answered 3 Months ago
31

Not quite but you can do this:

switch(color)
{
case GREEN:
case RED:
case BLUE:
     Paint();
     break;
case YELLOW:
     if(AlsoHasCriteriaX) {
         Paint();
         break; /* notice break here */
     }
default:
     Print("Ugly color, no paint.")
     break;
}

OR you could do this:

switch(color)
{
case GREEN:
case RED:
case BLUE:
     Paint();
     break;
case YELLOW:
     if(AlsoHasCriteriaX) {
         Paint();
         break; /* notice break here */
     }
     goto explicit_label;

case FUCHSIA:
     PokeEyesOut();
     break;

default:
explicit_label:
     Print("Ugly color, no paint.")
     break;
}
Monday, August 9, 2021
 
Zulakis
answered 3 Months ago
14

"Yes", but it won't do what you expect.

The expression used for the switch is evaluated once - in this case contains evaluates to true/false as the result (e.g. switch(true) or switch(false)) , not a string that can be matched in a case.

As such, the above approach won't work. Unless this pattern is much larger/extensible, just use simple if/else-if statements.

var loc = ..
if (loc.contains("google")) {
  ..
} else if (loc.contains("yahoo")) {
  ..
} else {
  ..
}

However, consider if there was a classify function that returned "google" or "yahoo", etc, perhaps using conditionals as above. Then it could be used as so, but is likely overkill in this case.

switch (classify(loc)) {
   case "google": ..
   case "yahoo": ..
   ..
}

While the above discusses such in JavaScript, Ruby and Scala (and likely others) provide mechanisms to handle some more "advanced switch" usage.

Friday, August 13, 2021
 
Strae
answered 2 Months ago
36

This is how your code should look (with added SQL Injection protection):

<?php
include "dbinfo.php"; //contains mysqli_connect information (the $mysqli variable)
//inputs
$name = mysqli_real_escape_string($_GET['name']);
$text = mysqli_real_escape_string($_GET['text']);

$sqlqr = "INSERT INTO `ncool`.`coolbits_table` (`name`, `text`, `date`) VALUES ('" . $name . "', '" . $text . "', CURRENT_TIMESTAMP);";

mysqli_query($mysqli,$sqlqr); //function where the magic happens.
?>

Take a look at what I've done. Firstly I've escaped the user input you're retrieving into the $name and $text variables (this is pretty much a must for security reasons) and as others have suggested you should preferably be using prepared statements.

The problem is that you weren't surrounding string values with single quotes ('), which is a requirement of the SQL syntax.

I hope this helps to answer your question.

Thursday, September 2, 2021
 
Pachvarsh
answered 2 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :
 
Share