Jump to content

closing prepared statements necessary?

MFA

By MFA
in PHP Coding Help

 Share

Recommended Posts

MFA Member

MFA

Posted
Posted

I've just completed my first prepared statement, converted to using them for security reasons. I've tested it and it works however I am looking for feedback (constructive criticism welcomed) regarding the code itself although I understand it 's fairly basic. Here's teh code:

 

<?php
//prepared statement example
include 'database.php';
$query = "SELECT ID FROM users WHERE email = ?";
$email = 'myemail@gmail.com';
$statement = mysqli_stmt_init($connect);

mysqli_stmt_prepare($statement, $query);
mysqli_stmt_bind_param($statement, 's', $email);
mysqli_stmt_execute($statement);
mysqli_stmt_bind_result($statement, $id);
mysqli_stmt_fetch($statement);

echo $id;
?>

 

Also, is using mysqli_stmt_close necessary? Am I correct in saying that without using this function I will not be able to create another prepared statement within that script? - because I have tried the latter and it wouldn't work unless I did close the statement.

 

Link to comment
https://forums.phpfreaks.com/topic/275467-closing-prepared-statements-necessary/
Share on other sites
MFA Member

MFA

Posted
  • Author
Posted

I'm not sure what "out of sync" errors are. I don't get error messages if that's what you mean.This is my code at the moment.

<?php

//prepared statement example

include 'database.php';

$query = "SELECT ID FROM users WHERE email = ?";

$email = 'example@googlemail.com';

$statement = mysqli_stmt_init($condbmembers);

mysqli_stmt_prepare($statement, $query);

mysqli_stmt_bind_param($statement, 's', $email);

mysqli_stmt_execute($statement);

mysqli_stmt_bind_result($statement, $id);

mysqli_stmt_fetch($statement);

echo $id . "</br>"; // THIS WORKS!!


$querytwo = "SELECT fname FROM users WHERE ID = ?";

$uid = '4';


$statementone = mysqli_stmt_init($condbmembers);

mysqli_stmt_prepare($statementone, $querytwo);

mysqli_stmt_bind_param($statementone, 'i', $uid);

mysqli_stmt_execute($statementone);

mysqli_stmt_bind_result($statementone, $fname);

mysqli_stmt_fetch($statementone);

echo $fname; //THIS DOESN'T UNLESS I INSERT mysqli_stmt_close($statement); FOLLOWING echo $id . "</br>";



?>

  • 4 weeks later...
gizmola Prolific Member

gizmola

Posted
Posted

Yes, if you need to run multiple statements in a script you have to close each one in turn, before you can run the next one.

 

To quote the manual:

Every prepared statement occupies server resources. Statements should be closed explicitly immediately after use. If not done explicitly, the statement will be closed when the statement handle is freed by PHP.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.