Stack Overflow
Stack Overflow

Questions tagged [prepared-statement]

A Prepared Statement (or parameterized statement) is a precompiled SQL statement that serves to improve performance and mitigate SQL injection attacks. Prepared statements are used in many popular Relational Database Management Systems.

Prepared statements separate data binding from execution. Separating statement preparation from execution can be more efficient for statements that are executed multiple times, because the preparation phase need be done only once. For example, if you need to insert a bunch of rows, you can prepare an INSERT statement once and then execute it repeatedly, binding successive row values to it for each execution. A prepared statement can contain placeholders to indicate where data values should appear. After you prepare the statement, bind specific values to the placeholders (either before or at statement-execution time), then substitute the values into the statement before sending it to the database server.

Also see: ,

6193 questions
2
votes
2 answers

Inserting and reading a string array in Java

I'm using prepared statements to insert an array into my database PreparedStatement pstmt = conn.prepareStatement("INSERT INTO TABLE(stringArray) VALUES (?)"); String[] arr = { "a", " b", "c" }; pstmt.setObject(1, arr); I'm using setObject…
FredoAF
  • 504
  • 2
  • 8
  • 22
2
votes
3 answers

Can't find a 'syntax error' in my PHP code

I'm writing a function to authenticate a user. I create a connection with a database, then prepare a query, bind the parameter, execute the query, bind the result to a variable,check if the query returned a result. If it did I compare the result…
PAujla03
  • 117
  • 1
  • 2
  • 8
2
votes
1 answer

Why care about types in mysqli_stmt::bind_param?

I am using mysqli_stmt::bind_param function in my PHP scripts. It is not convenient to care whether you pass parameter type 'd' or type 's' or whatever. Why it is bad to always use type 's' for strings, integers and doubles? As far as I understand…
Georgy Nemtsov
  • 786
  • 1
  • 8
  • 19
2
votes
3 answers

Round bracket in string with JDBC prepared statement

Here is my Java JDBC code (modified and simplified for example): ps = connection.prepareStatement("SELECT a,b,c FROM mytable WHERE category ~ ?"); ps.setString(1, "my/super/category/abc(def"); ^ …
1ac0
  • 2,875
  • 3
  • 33
  • 47
2
votes
3 answers

bindParam works correctly no matter what data type is specified or given

While introducing myself to pgSQL prepared statements, I've successfully returned the results of a few queries. However, I have a few questions. Given the following query: $w_ft = "36"; $sth = $dbh->prepare("SELECT * FROM…
1252748
  • 14,597
  • 32
  • 109
  • 229
2
votes
2 answers

Use PreparedStatement to build a query

I was wondering if using PreparedStatement.setString() was a good idea (possible, sensible?) to dynamically build a query. For example : sql code: SELECT * FROM table1 WHERE table1.category = ? ? java…
BenoitParis
  • 3,166
  • 4
  • 29
  • 56
2
votes
1 answer

Close statement object before starting a new with prepared statements

I'm quite new at using prepared statements and is wondering if I should close the stmt_init() after each call or could I just keep it open? $stmt = $mysqli->stmt_init(); if($stmt->prepare("SELECT player_draws, player_turn, player_passes, swapped…
Mansa
  • 2,277
  • 10
  • 37
  • 67
2
votes
1 answer

Get type specification char from MySQLi field

In MySQLi's prepared statement API, bind_param takes a type specification char. MySQLi's fetch_field returns an object with several properties related to the field. However, the type specification char is not one of the available properties…
FThompson
  • 28,352
  • 13
  • 60
  • 93
2
votes
3 answers

PHP/MySQL: Using array elements in WHERE clause using prepared statements

I want to make a "dynamic" WHERE clause in my query based on a array of strings. And I want to run the created query using Mysqi's prepared statements. My code so far, PHP: $searchArray = explode(' ', $search); $searchNumber =…
Oskar Persson
  • 6,605
  • 15
  • 63
  • 124
2
votes
5 answers

mysql prepared statement java

I'm working with a prepared statement I've generated, and I'm getting a syntax error on the statement thrown by java. Yet when i copy and paste the toString of the PS into phpmyadmin for the database, it executes flawlessly. any idea's what could be…
john
  • 775
  • 3
  • 15
  • 31
2
votes
1 answer

MySQL Altering a Trigger to use a dynamic database name

I have a perfectly working trigger. As I'm adding in more tests I'm finding that I want to alter this trigger to dynamically select the database based on the current database. In production this trigger resided in database rdata and talks to…
rh0dium
  • 6,811
  • 4
  • 46
  • 79
2
votes
1 answer

Is it possible to bind a PDO parameter to the member variable of an object?

Using PDOStatement::bindParam(), one can bind a parameter to a variable—which is especially useful when a prepared statement is executed multiple times, each with different parameter values. For example: $dbh = new PDO('mysql:dbname=foo', 'eggyal',…
eggyal
  • 122,705
  • 18
  • 212
  • 237
2
votes
3 answers

Is it possible to use prepared statement placeholders for LIKE?

This fails: db.prepareStatement("SELECT * FROM " + table + " WHERE " + column + " LIKE '?%'"); Because the ? is not recognized as a placeholder for a value. How should I work around this?
rtheunissen
  • 7,347
  • 5
  • 34
  • 65
2
votes
3 answers

Error while invoking a stored procedure from java

I have written a following stored procedure in a postgres database create or replace function reviseTax(revisiondate date, taxrate decimal) returns table(employeeid integer, month date, difference decimal) AS $$ declare thisrow record; …
codeMan
  • 5,730
  • 3
  • 27
  • 51
2
votes
3 answers

How to use multiple ? in prepared statement in PHP

I want to run a select statement with PHP using multiple '?'. How do I do that? I think the following code should do that, what is wrong? $con = mysql_connect("database","login","password"); if (!$con){ die('Could not connect: ' .…
Whitecat
  • 3,882
  • 7
  • 48
  • 78
1 2 3
99 100