Questions tagged [prepared-statement]

A Prepared Statement (or parameterized statement) is a precompiled SQL statement that serves to improve performance and mitigate SQL injection attacks. Prepared statements are used in many popular Relational Database Management Systems.

Prepared statements separate data binding from execution. Separating statement preparation from execution can be more efficient for statements that are executed multiple times, because the preparation phase need be done only once. For example, if you need to insert a bunch of rows, you can prepare an INSERT statement once and then execute it repeatedly, binding successive row values to it for each execution. A prepared statement can contain placeholders to indicate where data values should appear. After you prepare the statement, bind specific values to the placeholders (either before or at statement-execution time), then substitute the values into the statement before sending it to the database server.

Also see: rdbms, sql

6193 questions

votes

2 answers

Mysqli Prepare Statement - Returning False, but Why?

I have a function that generates a prepared INSERT statement based on an associative array of column names and values to be inserted into that column and a table name (a simple string): function insert ($param, $table) { $sqlString = "INSERT…

php mysqli prepared-statement

asked Aug 02 '09 at 20:48

Andrew E.

votes

1 answer

Is mysql_real_escape_string() necessary when using prepared statements?

For this query, is necessary to use mysql_real_escape_string? Any improvement or the query is fine ? $consulta = $_REQUEST["term"]."%"; ($sql = $db->prepare('select location from location_job where location like ?')); $sql->bind_param('s',…

php mysql mysqli prepared-statement

asked Jun 03 '11 at 20:06

anvd

3,997
19
65
126

votes

3 answers

How to use IN clause with PreparedStatement in PostgreSQL

I have to write a SQL query for Postgres database as follows: DELETE FROM employee WHERE ename IN (?) I want to pass ename as list or string which will contain multiple employee names, e.g. "abc, bcd, efg". How to set the values? How to use IN…

sql postgresql jdbc prepared-statement

asked Apr 29 '16 at 03:36

Ritesh

votes

5 answers

Should I use prepared statements for MySQL in PHP PERFORMANCE-WISE?

I understand the security benefits of prepared statements in MySQL. No need to cover that topic here. I'm wondering about the performance aspect of them. Now, I know when a query using a prepared statement is executed twice in a single PHP script,…

php mysql performance pdo prepared-statement

asked Feb 06 '10 at 19:31

Mike Sherov

13,277
8
41
62

votes

7 answers

PDO error: SQLSTATE[HY000]: General error: 2031

I'm getting this annoying error and although I have an idea of why I'm getting it, I can't for the life of me find a solution to it. if ($limit) { $sth->bindValue(':page', $page - 1, PDO::PARAM_INT); $sth->bindValue(':entries_per_page', $page…

php mysql pdo prepared-statement

asked Jun 24 '13 at 11:38

silkfire

24,585
15
82
105

votes

4 answers

Missing STOPKEY per partition in Oracle plan for paging by local index

There is next partitioned table: CREATE TABLE "ERMB_LOG_TEST_BF"."OUT_SMS"( "TRX_ID" NUMBER(19,0) NOT NULL ENABLE, "CREATE_TS" TIMESTAMP (3) DEFAULT systimestamp NOT NULL ENABLE, /* other fields... */ ) PCTFREE 10 PCTUSED 40 INITRANS 1…

sql oracle prepared-statement partitioning sql-execution-plan

asked Mar 12 '13 at 09:32

Tsimon Dorakh

votes

2 answers

How can i insert timestamp with timezone in postgresql with prepared statement?

I am trying to insert to a timestamp with timezone field of my DB a string which includes date, time and timezone using prepared statement. The problem is that Timestamp.valueof function does not take into consideration the time zone that the string…

postgresql timestamp prepared-statement timestamp-with-timezone value-of

asked Dec 03 '12 at 02:00

Mike Vasi

votes

3 answers

How do I set a full date & time sql using java, and not just the date?

I am trying to set a timestamp in my database using java, however in my table all I get is the date, and no time (i.e., looks like "2010-09-09 00:00:00"). I am using a datetime field on my mysql database (because it appears that datetime is more…

java mysql datetime jdbc prepared-statement

asked Sep 09 '10 at 14:36

Adam Morris

8,265
12
45
68

votes

1 answer

Can PreparedStatement's 'setObject' method be used for any datatype?

Can the PreparedStatement's .setObject method be used for any data type (String, Integer, Double, Date, DateTime, Byte Array, etc.) supported by MySQL instead of using the individual .setInt, .setDouble, etc. methods? Thanks!

java mysql jdbc prepared-statement

asked Feb 21 '16 at 02:33

C_Neth

votes

2 answers

mysqli: can it prepare multiple queries in one statement?

I would like to know if i can prepare one mysqli statement that executes multiple queries: mysqli->prepare(query1 ...1,2,3 param...; query2...4,5 param...); or mysqli->prepare(insert into ...1,2,3 param...; insert into...4,5 param...); and after…

php mysql mysqli prepared-statement

asked Jul 24 '12 at 14:20

Donovant

3,091
8
40
68

votes

2 answers

LIMIT keyword on MySQL with prepared statement

SELECT id, content, date FROM comment WHERE post = ? ORDER BY date DESC LIMIT ?, ? With PDO (I'm using MAMP 2.0.5 that has Apache 2.2.21, PHP up to 5.3.6, and MySQL 5.5.9) prepared statement this doesn't work, if I change the query with LIMIT 0,…

php mysql prepared-statement limit

asked Apr 04 '12 at 15:19

genesisxyz

votes

3 answers

JDBC Prepared Statement . setDate(....) doesn't save the time, just the date.. How can I save the time as well?

I have the following Query : INSERT INTO users (user_id, date_created) VALUES (?,?) I have the following prepared statement PreparedStatement insertUser = dbConnection.prepareStatement(sql, Statement.RETURN_GENERATED_KEYS); insertUser.setInt(1,…

java jdbc prepared-statement

asked Jul 29 '11 at 13:47

Wael Awada

1,506
3
18
31

votes

2 answers

Does SQLite3 have prepared statements in Node.js?

From the npm docs, only visible prepared statements are for insert. Does these prepared statement work for Select, update, and delete? I tried for select, there isn't a .each function where the rows are called back. Anyone been able to do this or…

sql node.js express sqlite prepared-statement

asked Mar 02 '15 at 05:58

lzc

1,645
5
27
41

votes

4 answers

Prepared Statements - Number of Rows

I'm just trying to figure out how to determine the number of rows and then make that number display in the HTML. My prepared statement looks like this: if($stmt = $mysqli -> prepare("SELECT field1, field2, field3 FROM table WHERE id= ?ORDER BY id…

php mysqli prepared-statement

asked May 24 '13 at 00:26

Kevin

1,685
7
28
55

votes

2 answers

Does closing Connection automatically close statement and resultset?

I know the safe pattern in Java is to close your ResultSet, Statement, and Connection in order in a finally block. If you close connection and then try to close statement(doesnt throw exception). But if you try to call any method from statement an…

java database database-connection prepared-statement

asked Dec 24 '12 at 17:52

Srujan Kumar Gulla

5,721
9
48
78

Prev 1 2 3

…

99 100 Next