I’ve recently found the solution for my question. Maybe it’s not the best way to do it, but it works nice! Prove me wrong:) <?php $lastnames = array(‘braun’, ‘piorkowski’, ‘mason’, ‘nash’); $arParams = array(); foreach($lastnames as $key => $value) //recreate an array with parameters explicitly passing every parameter by reference $arParams[] = &$lastnames[$key]; $count_params = … Read more
Through some checking, even though mysqli is installed on my host, apparently the mysqlnd driver is not present. Therefore, get_result() can not be used(php manual defines get_result as mysqlnd dependent), and instead extra coding would need to be done to handle my result the way I would like. Therefore, I decided to try and learn … Read more
It’s possible to bind a true NULL value to the prepared statements (read this). You can, in fact, use mysqli_bind_parameter to pass a NULL value to the database. simply create a variable and store the NULL value (see the manpage for it) to the variable and bind that. Works great for me anyway. Thus it’ll … Read more
BIT column is a binary type in mysql (though it’s documented as numeric type – that’s not precisely true) and I advise to avoid it due to problems with client libraries (which PDO issue proves). You will spare yourself a lot of trouble if you modify type of column to TINYINT(1) TINYINT(1) will of course … Read more
The problem is that bindParam requires a reference. It binds the variable to the statement, not the value. Since the variable in a foreach loop is unset at the end of each iteration, you can’t use the code in the question. You can do the following, using a reference in the foreach: foreach ($reindex as … Read more
In other DB abstraction frameworks in other languages it can be used for things like making sure you’re doing the proper escaping for in-lining values (for drivers that don’t support proper bound parameters) and improving network efficiency by making sure numbers are binary packed appropriately (given protocol support). It looks like in PDO, it doesn’t … Read more
If you want stmt.setString(1, “a”); // This won’t return any records to return a record, try conn.prepareStatement(“select * from x where c = cast(? as char(4))”)
Thanks for the interesting question. Here you go: It escapes dangerous characters, Your concept is utterly wrong. In fact “dangerous characters” is a myth, there are none. And mysql_real_escape_string escaping but merely a string delimiters. From this definition you can conclude it’s limitations – it works only for strings. however, it is still vulnerable to … Read more
The first important thing to say is that you can insert multiple rows thanks to only one INSERT query INSERT INTO Table (col1, col2, col3) VALUES (‘abc’, ‘def’, ‘ghi’), (‘abc’, ‘def’, ‘ghi’), (‘abc’, ‘def’, ‘ghi’), (‘abc’, ‘def’, ‘ghi’), (‘abc’, ‘def’, ‘ghi’) — and so on… Once you know that, you’re able to get a good … Read more
CodeIgniter does not support Prepared Statements. If you look at the sourcecode for CI’s Database class, you will see that they resolve bindings simply by replacing the question marks with the data from the passed array: https://github.com/EllisLab/CodeIgniter/blob/develop/system/database/DB_driver.php#L874 They only support Query Binding with unnamed placeholders. See http://ellislab.com/codeigniter/user-guide/database/queries.html Query Bindings Bindings enable you to simplify your … Read more