Edward Posted August 7, 2012 Share Posted August 7, 2012 I am not sure how to write the code for a OOP prepared UPDATE statement or how to write bind params? Does anyone know how to do it for the set of code i have below. $q = "UPDATE user SET username=$username, password=$password, activation_code=NULL, registration_date=NOW() WHERE (email=$email AND activation_code=$activation_code) LIMIT 1"; // Prepare the statement: $stmt = $mysqli->prepare($q); // Bind the variables: $stmt->bind_param('ss', $email, $activation); // Execute the query: $stmt->execute(); I have an error showing on my script now: Fatal error: Call to a member function bind_param() on a non-object I thought prepared statements would be better on INSERTS only or am i wrong, i thought they were more secure than just using regular statements. But i think if you have already INSERTED the data with a prepared statement is it necessary? Link to comment Share on other sites More sharing options...
Edward Posted August 7, 2012 Author Share Posted August 7, 2012 I think I may know part of the answer we substitute ?'s in for variables used in $q part then include more letters in bind_param? What about NULL and NOW()? Link to comment Share on other sites More sharing options...
Antonio Conte Posted August 7, 2012 Share Posted August 7, 2012 You are right. There's only three types. Integers, Doubles, Strings and Blobs. Most types, except numbers, are really String. Both null values "" (empty string) and "Now()" are Strings. 2 Link to comment Share on other sites More sharing options...
Edward Posted August 8, 2012 Author Share Posted August 8, 2012 Still stuck with this $q = "UPDATE user SET username=?, password=?, activation_code=?, registration_date=? WHERE (email=? AND activation_code=?) LIMIT 1"; //$q = "UPDATE user SET username=$username, password=$password, activation_code=NULL, registration_date=NOW() WHERE (email=$email AND activation_code=$activation_code) LIMIT 1"; $stmt->bind_param('ssssss', $username, $password, NULL, NOW(), $email, $activation_code); My bind statement is not working, i can't find much example online of how to do this kind of statement, anyone have any idea? How to handle the NULL and NOW()? Link to comment Share on other sites More sharing options...
Edward Posted August 8, 2012 Author Share Posted August 8, 2012 Realised i made a mistake on some of the syntax, $q = "UPDATE user SET username='$username', pass='$password', activation_code=NULL, registration_date=NOW() WHERE (email='$email' AND activation_code='$activation_code') LIMIT 1"; Here is my statement so how to set this up in oop prepared statements, can't find anything to help me with this? Ive written the code without prepared statements and it works so query is correct but i would really like to know how to get this statement as prepared, any ideas? Link to comment Share on other sites More sharing options...
Edward Posted August 8, 2012 Author Share Posted August 8, 2012 Hahahaha, it's working, it's working i used $q = "UPDATE user SET username=?, pass=?, activation_code=NULL, registration_date=NOW() WHERE (email=? AND activation_code=?) LIMIT 1"; $stmt = $mysqli->prepare($q); $stmt->bind_param('ssss', $username, $password, $email, $activation_code); $stmt->execute(); Link to comment Share on other sites More sharing options...
Recommended Posts