
getting the feedback in php


shadd
Go to solution Solved by Barand,


I have a stored procedure as:

DELIMITER //

CREATE PROCEDURE Update_studentinfo ( IN p_id INT, IN p_address varchar(20))
BEGIN
    UPDATE student_info
    SET
    address = p_address WHERE id = p_id;
    -- Single-row result set that the caller can fetch as confirmation
    select "successful as result";
END //

DELIMITER ;

And it works fine on the MySQL server.

How can I get the confirmation in PHP?

$mSuccessMessage = Update_studentinfo(125, 'Shimla');

 


TABLE: student_info
+-----+---------+
| id  | address |
+-----+---------+
| 125 | xyz     |
| 126 | bbb     |
+-----+---------+

Procedure

DELIMITER $$

CREATE PROCEDURE `Update_studentinfo`( IN p_id INT, IN p_address varchar(20))
BEGIN
    UPDATE student_info
    SET
    address = p_address WHERE id = p_id;
    select "successful as result";
END$$

DELIMITER ;

PHP

$res = $pdo->query("CALL update_studentinfo(125, 'Shimla')");
echo $res->fetchColumn();

Output

successful as result

TABLE student_info

+-----+---------+
| id  | address |
+-----+---------+
| 125 | Shimla  |
| 126 | bbb     |
+-----+---------+

 


On 7/14/2024 at 2:46 AM, Barand said:
TABLE: student_info
+-----+---------+
| id  | address |
+-----+---------+
| 125 | xyz     |
| 126 | bbb     |
+-----+---------+

Procedure

DELIMITER $$

CREATE PROCEDURE `Update_studentinfo`( IN p_id INT, IN p_address varchar(20))
BEGIN
    UPDATE student_info
    SET
    address = p_address WHERE id = p_id;
    select "successful as result";
END$$

DELIMITER ;

PHP

$res = $pdo->query("CALL update_studentinfo(125, 'Shimla')");
echo $res->fetchColumn();

Output

successful as result

TABLE student_info

+-----+---------+
| id  | address |
+-----+---------+
| 125 | Shimla  |
| 126 | bbb     |
+-----+---------+

 

What if I used a prepared statement inside the procedure? Will it affect the output in PHP?

set @Updateanswer_sql=CONCAT('UPDATE student_info SET
    address =', p_address,'  WHERE id =', p_id);

PREPARE sUpdateanswer FROM @Updateanswer_sql;
EXECUTE sUpdateanswer;
DEALLOCATE PREPARE sUpdateanswer;

select "successful as result";

 

 


  • Solution

The purpose of a prepared statement is to avoid placing variable contents directly into the query (and thus avoid SQL injection attacks) by using placeholders and parameters.

Using a stored procedure does the same thing.

Therefore using a prepared statement inside a stored procedure is a "belt and braces" approach and unnecessary overkill.

You should note that your use of prepare is incorrect as you are not using placeholders, but placing the values into the query via concatenation, and is therefore a waste of time anyway.

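Added example, not part of the original thread: if dynamic SQL really is needed inside the procedure, this is the placeholder form the answer above refers to, in MySQL syntax. The procedure name Update_studentinfo_dyn and the user variables @p_addr and @p_rowid are assumptions chosen for illustration.

```sql
DELIMITER $$

-- Hypothetical variant of the thread's procedure (name is an assumption).
CREATE PROCEDURE `Update_studentinfo_dyn`( IN p_id INT, IN p_address varchar(20))
BEGIN
    -- With CONCAT, the call (125, 'Shimla') produces the statement text
    --   UPDATE student_info SET address =Shimla WHERE id =125
    -- so the parameter value is parsed as SQL, not treated as data.
    -- Here the statement text is a constant and never contains the values.
    SET @Updateanswer_sql =
        'UPDATE student_info SET address = ? WHERE id = ?';

    -- MySQL's EXECUTE ... USING accepts only user variables,
    -- so the IN parameters are copied into them first.
    SET @p_addr  = p_address;
    SET @p_rowid = p_id;

    PREPARE sUpdateanswer FROM @Updateanswer_sql;
    -- Values are bound in placeholder order: address first, then id.
    EXECUTE sUpdateanswer USING @p_addr, @p_rowid;
    DEALLOCATE PREPARE sUpdateanswer;

    -- Same single-row confirmation as the original procedure, so the
    -- PHP side (query() + fetchColumn()) does not change.
    select "successful as result";
END$$

DELIMITER ;

CALL Update_studentinfo_dyn(125, 'Shimla');
```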
