Jump to content

closing prepared statements necessary?


MFA

Recommended Posts

I've just completed my first prepared statement, converted to using them for security reasons. I've tested it and it works however I am looking for feedback (constructive criticism welcomed) regarding the code itself although I understand it 's fairly basic. Here's teh code:

 

<?php
//prepared statement example
include 'database.php';
$query = "SELECT ID FROM users WHERE email = ?";
$email = 'myemail@gmail.com';
$statement = mysqli_stmt_init($connect);

mysqli_stmt_prepare($statement, $query);
mysqli_stmt_bind_param($statement, 's', $email);
mysqli_stmt_execute($statement);
mysqli_stmt_bind_result($statement, $id);
mysqli_stmt_fetch($statement);

echo $id;
?>

 

Also, is using mysqli_stmt_close necessary? Am I correct in saying that without using this function I will not be able to create another prepared statement within that script? - because I have tried the latter and it wouldn't work unless I did close the statement.

 

Link to comment
Share on other sites

No it's not necessary because everything will be garbage collected at the end of the script.

 

Okay, but how come I can't use another prepared statement unless I use mysqli_stmt_close($etc); after the first one?

Link to comment
Share on other sites

I'm not sure what "out of sync" errors are. I don't get error messages if that's what you mean.This is my code at the moment.

<?php

//prepared statement example

include 'database.php';

$query = "SELECT ID FROM users WHERE email = ?";

$email = 'example@googlemail.com';

$statement = mysqli_stmt_init($condbmembers);

mysqli_stmt_prepare($statement, $query);

mysqli_stmt_bind_param($statement, 's', $email);

mysqli_stmt_execute($statement);

mysqli_stmt_bind_result($statement, $id);

mysqli_stmt_fetch($statement);

echo $id . "</br>"; // THIS WORKS!!


$querytwo = "SELECT fname FROM users WHERE ID = ?";

$uid = '4';


$statementone = mysqli_stmt_init($condbmembers);

mysqli_stmt_prepare($statementone, $querytwo);

mysqli_stmt_bind_param($statementone, 'i', $uid);

mysqli_stmt_execute($statementone);

mysqli_stmt_bind_result($statementone, $fname);

mysqli_stmt_fetch($statementone);

echo $fname; //THIS DOESN'T UNLESS I INSERT mysqli_stmt_close($statement); FOLLOWING echo $id . "</br>";



?>

Link to comment
Share on other sites

  • 4 weeks later...

Yes, if you need to run multiple statements in a script you have to close each one in turn, before you can run the next one.

 

To quote the manual:

Every prepared statement occupies server resources. Statements should be closed explicitly immediately after use. If not done explicitly, the statement will be closed when the statement handle is freed by PHP.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.