ricmetal Posted April 20, 2009

hey, why doesn't this work?

```php
/* QUERY */
$mysqli = new mysqli('host', 'user', 'password', 'database');
if (mysqli_connect_errno()) {
    echo "error";
    exit();
}
$stmt = $mysqli->prepare("INSERT INTO table VALUES (?, ?, ?, ?)");
$stmt->bind_param('isss', NULL, $var1, $var2, $var3);
$var1Raw = substr($_POST['var1'], 0, 50);
$var2Raw = substr($_POST['var2'], 0, 300);
$var3Raw = substr($_POST['var3'], 0, 50);
$var1 = mysql_real_escape_string(trim(strip_tags($var1Raw)));
$var2 = mysql_real_escape_string(trim(strip_tags($var2Raw)));
$var3 = mysql_real_escape_string(trim(strip_tags($var3Raw)));
$stmt->execute();
$stmt->close();
$mysqli->close();
```

i know i don't need the mysql_real_escape thingie but it should work with whatever functions i use, and i'm being stubborn

https://forums.phpfreaks.com/topic/154924-solved-needing-help-to-setup-prepared-statements/

soak Posted April 20, 2009

Any error messages? Try error_reporting(E_ALL);

I'm thinking that there's a possibility that your first column is an auto_inc and that you need to pass it null for it to work correctly. As you're casting it as an int it may not be getting to the db as null. If that's the case then try moving the null from the bind_param to the query itself.

Daniel0 Posted April 20, 2009

1) You're defining the variables after you're using them.
2) You should not escape strings when using prepared statements. That's taken care of automatically and you'll thus have it double escaped, so to speak.

soak Posted April 20, 2009

That's how bind_param works, it is a bit odd, isn't it. Much prefer PDO myself, loads easier to use.

Daniel0 Posted April 20, 2009

Huh... never noticed that they used references. To be honest, I think that's pretty stupid. I normally do not use MySQLi directly. I don't like its interface. I prefer to use PDO or a custom wrapper around either MySQLi or PDO.

Anyway, ricmetal, could you perhaps elaborate on how it "doesn't work"?

ricmetal Posted April 20, 2009

it was the NULL

```php
$stmt = $mysqli->prepare("INSERT INTO table VALUES (NULL, ?, ?, ?)");
$stmt->bind_param('sss', ...
```

works, thanks

ricmetal Posted April 20, 2009

the database wasn't being populated.
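
A working form of the insert discussed in this thread, added here as an example and not code posted by any participant: it leaves the auto-increment column out instead of binding NULL, and binds the raw, unescaped values. The `entries` table, its column names, the helper names `field` and `insertEntry`, and the connection details are assumptions.

```php
<?php
// Added example, not from the thread. Connection details, the `entries`
// table and its column names are placeholders/assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on any mysqli failure

/** Trim and cap the length of one POST field; no SQL escaping is applied. */
function field(array $post, string $key, int $max): string
{
    $value = isset($post[$key]) && is_string($post[$key]) ? $post[$key] : '';
    return substr(trim($value), 0, $max);
}

function insertEntry(mysqli $db, array $post): int
{
    // Name the columns and leave the AUTO_INCREMENT id out, so no NULL
    // has to be bound at all.
    $stmt = $db->prepare('INSERT INTO entries (title, body, author) VALUES (?, ?, ?)');

    // bind_param() binds by reference: it accepts variables only (a literal
    // NULL is rejected), and it reads their values when execute() runs.
    $title = $body = $author = '';
    $stmt->bind_param('sss', $title, $body, $author);

    $title  = field($post, 'var1', 50);
    $body   = field($post, 'var2', 300);
    $author = field($post, 'var3', 50);

    $stmt->execute();
    $id = (int) $db->insert_id;
    $stmt->close();
    return $id;
}

try {
    $db = new mysqli('host', 'user', 'password', 'database');
    // Constructed sample input standing in for $_POST; the quote is stored as-is.
    $id = insertEntry($db, ['var1' => "O'Reilly", 'var2' => 'hello', 'var3' => 'ric']);
    echo "inserted row $id\n";
    $db->close();
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // keep details in the server log
    exit('error');
}
```

Because the values travel separately from the SQL text, running them through an escaping function first would store the added backslashes in the row.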