Search the Community
Showing results for tags 'prepared statements'.
Found 1 result
HI All, I am writing a prepared statement to update some user information. Included in this table are the username and password fields. In this particular form, i dont want the user to have access to this information and have built a form that only shows what i want them to be able to change. The bit that i am not sure about is the prepared statement that i am writing. I am getting a boolean error suggesting that my prepare failed and i think this may be because i have not named every field in the table. To give an idea of the table fields i have pulled this from php my_admin (this is not the sql i am running) UPDATE `ssm_user` SET `user_id`=[value-1],`user_email`=[value-2],`user_password`=[value-3], `user_firstname`=[value-4],`user_lastname`=[value-5],`user_accountlevel`=[value-6], `user_mobile`=[value-7],`user_role`=[value-8],`user_lastlogondate`=[value-9] WHERE 1 my prepared statement is $stmt = $conn->prepare(" UPDATE ssm_user SET user_email=?, user_firstname=?, user_lastname=?, user_accountlevel=?, user_mobile=?, WHERE user_id = ? "); $stmt->bind_param('sssssi', $email, $fname, $lname, $accountlevel, $mobile, $uid); $stmt->execute(); return $stmt->affected_rows; Do i have to declare every field in the table or is there something that i am missing here.