Yes. See here. Section 7.1.9. Change your code to: String sql = “INSERT INTO table (column1, column2) values(?, ?)”; stmt = conn.prepareStatement(sql, Statement.RETURN_GENERATED_KEYS); stmt.executeUpdate(); if(returnLastInsertId) { ResultSet rs = stmt.getGeneratedKeys(); rs.next(); auto_id = rs.getInt(1); }
No, JDBC does not allow this. Only column values can be set. If you want to make dynamic changes to the sql statement you will have to do it before you create the PreparedStatement.
Try this code: // Create an array of the values to use in the list $villes = array(“paris”, “fes”, “rabat”); // Generate the SQL statement. // The number of %s items is based on the length of the $villes array $sql = ” SELECT DISTINCT telecopie FROM `comptage_fax` WHERE `ville` IN(“.implode(‘, ‘, array_fill(0, count($villes), ‘%s’)).”) … Read more
An UPDATE works the same as an insert or select. Just replace all the variables with ?. $sql = “UPDATE Applicant SET phone_number=?, street_name=?, city=?, county=?, zip_code=?, day_date=?, month_date=?, year_date=? WHERE account_id=?”; $stmt = $db_usag->prepare($sql); // This assumes the date and account_id parameters are integers `d` and the rest are strings `s` // So that’s … Read more
Your prepared statement is wrong, it should be: $stmt = $mysqli->prepare(” SELECT DISTINCT model FROM vehicle_types WHERE year = ? AND make = ? ORDER by model “); $stmt->bind_param(‘is’, $year, $make); $stmt->execute(); When you prepare a statement, you have to substitute every variable with a question mark without quotes. A question mark within quotes will … Read more
What you are seeing is a parameterized query. They are frequently used when executing dynamic SQL from a program. For example, instead of writing this (note: pseudocode): ODBCCommand cmd = new ODBCCommand(“SELECT thingA FROM tableA WHERE thingB = 7”) result = cmd.Execute() You write this: ODBCCommand cmd = new ODBCCommand(“SELECT thingA FROM tableA WHERE thingB … Read more
You have to pass parameters to bind_param() by reference, which means you have to pass a single variable (not a concatenated string). There’s no reason you can’t construct such a variable specifically to pass in, though: $className=”%” . $this->className . ‘%’; $query->bind_param(‘s’, $className);
Use get_result() instead of store_result(), and then use the result object’s num_rows: $a->execute(); $res = $a->get_result(); if ($res->num_rows > 0) { while ($row = $res->fetch_assoc()) { $results[] = $row; } return $results; } else { return false; }
That’s because fetch_assoc is not part of a mysqli_stmt object. fetch_assoc belongs to the mysqli_result class. You can use mysqli_stmt::get_result to first get a result object and then call fetch_assoc: $selectUser = $db->prepare(“SELECT `id`,`password`,`salt` FROM `users` WHERE `username`=?”); $selectUser->bind_param(‘s’, $username); $selectUser->execute(); $result = $selectUser->get_result(); $assoc = $result->fetch_assoc(); Alternatively, you can use bind_result to bind the … Read more
This same error 2031 can be issued when one bind two values with the same parameter name, like in: $sth->bindValue(‘:colour’, ‘blue’); $sth->bindValue(‘:colour’, ‘red’); ..so, beware.