Questions tagged [prepared-statement]

A Prepared Statement (or parameterized statement) is a precompiled SQL statement that serves to improve performance and mitigate SQL injection attacks. Prepared statements are used in many popular Relational Database Management Systems.

Prepared statements separate data binding from execution. Separating statement preparation from execution can be more efficient for statements that are executed multiple times, because the preparation phase need be done only once. For example, if you need to insert a bunch of rows, you can prepare an INSERT statement once and then execute it repeatedly, binding successive row values to it for each execution. A prepared statement can contain placeholders to indicate where data values should appear. After you prepare the statement, bind specific values to the placeholders (either before or at statement-execution time), then substitute the values into the statement before sending it to the database server.

Also see: rdbms, sql

6193 questions

votes

4 answers

Node-postgres: named parameters query (nodejs)

I used to name my parameters in my SQL query when preparing it for practical reasons like in php with PDO. So can I use named parameters with node-postgres module? For now, I saw many examples and docs on internet showing queries like…

sql node.js prepared-statement node-postgres

asked Sep 16 '15 at 13:37

AnomalySmith

votes

6 answers

This PDO prepared statement returns false but does not throw an error

This code does not throw an error but the query fails, that is, the execute method returns false. How could that be? require_once("Abstracts/DBManager.php"); require_once("UI/UI.Package.php"); class BlogDBM extends DBManager { private $table =…

php mysql insert pdo prepared-statement

asked Mar 25 '10 at 18:34

Simsevu

votes

3 answers

Rails 3.2 frequent postgres prepared statement already exists errors

I've been digging around stackoverflow trying to find others who get these prepared statements already exists errors. In most cases configuring unicorn properly with the after/before fork resolves these issues. However in my case we are still…

ruby-on-rails postgresql heroku ruby-on-rails-3.2 prepared-statement

asked Jun 27 '14 at 17:56

Eugene Correia

votes

2 answers

Inserting into custom SQL types with prepared statements in java

I have some custom types. They are all basically enums. Here is an example of what they look like: CREATE TYPE card_suit AS ENUM ('spades', 'clubs', 'hearts', 'diamonds'); And I have some prepared statements in Java, which look…

java sql postgresql prepared-statement

asked May 13 '12 at 12:45

Tom Carrick

6,349
13
54
78

votes

2 answers

Cannot pass parameter by reference in MySQLi

I am trying to pass a string into my MySQLi prepared statement but it gives me the error: Cannot pass parameter by reference in MySQLi Here is the relevant code: $kv = json_encode(array($key => $value)); $stmt->prepare("insert into rules…

php mysql binding mysqli prepared-statement

asked Apr 06 '11 at 16:36

chustar

12,225
24
81
119

votes

4 answers

How do I use pdo's prepared statement for order by and limit clauses?

I want to use a prepared statement in which the passed-in parameters are for the ORDER BY and LIMIT clauses, like so: $sql = 'SELECT * FROM table ORDER BY :sort :dir LIMIT :start, :results'; $stmt = $dbh->prepare($sql); $stmt->execute(array( …

php pdo prepared-statement

asked Apr 21 '10 at 14:04

user198729

61,774
108
250
348

votes

3 answers

Are Prepared statements supported in embedded MySQL

I normally develop with a live server, but for the first time I figured I'd make the leap and see if I could get all my (C++) mysql code working as an embedded server. Particularly, I'm very fond of prepared statements as they are (IMHO) "generally"…

c++ mysql prepared-statement embedded-database

asked Mar 29 '12 at 17:50

Sass

votes

1 answer

Queries with prepared statements in Android?

In Android, android.database.sqlite.SQLiteStatement allows me to use prepared statements in SQLite to avoid injection attacks. Its execute method is suitable for create/update/delete operations, but there does not seem to be any method for queries…

android sql sqlite prepared-statement

asked Mar 25 '12 at 00:59

shadowmatter

1,352
2
18
30

votes

4 answers

Are the parameter values automatically cleared after executing a batch of SQL commands with a Java PreparedStatemen?

I have the following code snippet: PreparedStatement preparedStatement = connection.prepareStatement(sql); for (int i = 0; i < 100000; i++) { preparedStatement.setObject(1, someValue); preparedStatement.addBatch(); if ((i + 1) % 100 ==…

java sql jdbc prepared-statement

asked Feb 08 '12 at 11:36

Clara

2,935
6
34
49

votes

4 answers

"ORA-01008: not all variables bound" error

I am using following method for calculating payroll by using jdbc but "ORA-01008: not all variables bound" error is not removing. Any idea please? I am using following code public double getPayroll(){ ResultSet rs = null; …

java oracle jdbc prepared-statement ora-01008

asked Jun 24 '11 at 15:07

Adnan

4,517
15
44
54

votes

1 answer

MySQL : named parameters with PREPARE command?

Is it possible in MySQL to use the PREPARE command with named parameters such as PDO in PHP: Here is my example: SET @s = 'SELECT * FROM MY_TABLE WHERE my_column_1 = ? AND my_column_2 = ? '; PREPARE stmt2 FROM @s; SET @a = 54; SET @b = 89'; …

mysql parameters prepared-statement

asked Apr 12 '11 at 09:39

Ricou

votes

4 answers

When should I use prepared statements?

Originally I used mysql_connect and mysql_query to do things. Then I learned of SQL injection, so I am trying to learn how to use prepared statements. I understand how the prepare and execute functions of the PDO class are useful to prevent SQL…

php security prepared-statement sql-injection

asked Jul 28 '14 at 05:25

G.SINGH

votes

1 answer

Cassandra Java Driver- QueryBuilder API vs PreparedStatements

Datastax Java driver (cassandra-driver-core 2.0.2) for Cassandra supports PreparedStatements as well as QueryBuilder API. Any specific advantages using one over the other? Disadvantages? Documentation:…

java cassandra prepared-statement cassandra-2.0 datastax-java-driver

asked Jul 24 '14 at 03:47

MasterV

1,162
1
13
18

votes

2 answers

How to use prepared statement for select query in Java?

I had tried several times using prepared statements but it returns SQL exception. here is my code: public ArrayList name(String mobile, String password) { ArrayList getdata = new ArrayList(); PreparedStatement stmt =…

java mysql sql jdbc prepared-statement

asked Jul 11 '14 at 07:29

jasim

votes

3 answers

mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables

So I have this massive headache inducing query that I need to perform involving 65 form inputs needing to be injected into a database using mysqli prepared statements. The issue I'm running into is that it says the # of variables I am attempting to…

php mysql mysqli prepared-statement

asked Jun 21 '13 at 13:58

Samuel Stiles

2,118
5
22
27

Prev 1 2 3

…

99 100 Next