Does SELECT COUNT(*) work with MySQLi prepared statements?

I'm working on a test page and am using MySQLi prepared statements in my queries after reading they make my code safe from SQL injection. I have been successful with prepared statements so far with retrieving data from my DB, that all works great.

What I want to do now is count the number of galleries within a project using SELECT COUNT(*). That's it.

Without using a prepared statement, my old query looked like this:

// count number of galleries per project
$conn = dbConnect('query');
$galNumb = "SELECT COUNT(*) FROM pj_galleries WHERE project = {$pjInfo['pj_id']}";
$gNumb = $conn->query($galNumb);
$row = $gNumb->fetch_row();
$galTotal = $row[0];

But for all my reading and searching the internet, I cannot find out the proper way to write this as a prepared statement.

wordman asked Dec 04 '12 23:12


2 Answers

Yes, it should work just fine.

However, keep in mind that doing a COUNT(primary_key) usually gives better performance.

So your above query would look like

// first, setup your DB-connection
$mysqli = new mysqli('example.com', 'user', '********', 'database');

// Preparing the statement
$stmt = $mysqli->prepare('SELECT COUNT(*) FROM pj_galleries WHERE project = ?');

// binding the parameters
$stmt->bind_param('i', $pjInfo['pj_id']); // 'i' signals an integer

// Executing the query
if ( ! $stmt->execute()) {
    trigger_error('The query execution failed; MySQL said ('.$stmt->errno.') '.$stmt->error, E_USER_ERROR);
}

// fetching the results
$col1 = null;
$stmt->bind_result($col1); // you can bind multiple columns in one function call
while ($stmt->fetch()) { // for this query, there will only be one row, but it makes for a more complete example
    echo "counted {$col1} records\n";
}

$stmt->close(); // explicitly closing your statements is good practice

For a better and more complete explanation, please take a look at: http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php (examples should get you up to speed).

Also keep in mind that you can execute a prepared statement multiple times, if needed. You could also bind new parameters before re-executing your query.

Jacco answered Oct 23 '22 21:10
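The following is an added example, not code from the question or from either answer. It wraps the prepared COUNT(*) query from the accepted answer in a small helper, turns MySQLi errors into exceptions so a failed prepare() or execute() cannot pass unnoticed, and shows the point made at the end of that answer: one prepared statement executed several times with different bound values. The host name, credentials, the project ids and the function names (prepareGalleryCount, countGalleries) are assumptions chosen for the example; the table and column names are the ones from the question.

```php
<?php
// Added example (not from the original question or answers): count galleries
// for a project with a MySQLi prepared statement, then re-execute the same
// statement for another project without preparing it again.
// Host, credentials and the $projectIds values are placeholders for this example.
declare(strict_types=1);

// Make MySQLi throw mysqli_sql_exception instead of returning false, so a
// failed prepare()/execute() stops the script rather than being ignored.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$db = new mysqli('db.example.invalid', 'app_user', 'PLACEHOLDER_PASSWORD', 'app_db');
$db->set_charset('utf8mb4');

/**
 * Prepare the COUNT query once. The SQL text contains no user data at all;
 * only the placeholder is filled in later, per execution.
 */
function prepareGalleryCount(mysqli $db): mysqli_stmt
{
    return $db->prepare('SELECT COUNT(*) FROM pj_galleries WHERE project = ?');
}

/**
 * Execute the prepared statement for one project id and return the count.
 */
function countGalleries(mysqli_stmt $stmt, int $projectId): int
{
    // 'i' sends the value to the server as an integer. Because it travels as a
    // bound parameter and not as part of the query string, its content can
    // never change the meaning of the SQL.
    $stmt->bind_param('i', $projectId);
    $stmt->execute();

    // COUNT(*) always yields exactly one row with one column.
    $count = 0;
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->free_result(); // release the result set before the next execute()

    return $count;
}

$stmt = prepareGalleryCount($db);

// Constructed input: ids as they might arrive from a query string. The (int)
// cast enforces the expected type before the value is bound.
$projectIds = [(int) '7', (int) '12'];

foreach ($projectIds as $id) {
    printf("project %d has %d galleries\n", $id, countGalleries($stmt, $id));
}

$stmt->close();
$db->close();
```

The mysqli_report() call is what PHP 8.1 and later do by default; on older versions it is needed explicitly, otherwise prepare() returns false on error and the next method call fails with a confusing message. bind_param() binds variables by reference, which is why the statement can be executed again with a new value without calling prepare() a second time.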


You may be over-thinking things, because it's no different from any other prepared statement:

$conn = new mysqli; // connection parameters come from php.ini defaults here; pass host/user/password/database explicitly in real code
$sql = "SELECT COUNT(*) FROM pj_galleries WHERE project = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param('i', $pjInfo['pj_id']);
$stmt->execute();
$row = $stmt->get_result()->fetch_row(); // get_result() requires the mysqlnd driver; use bind_result()/fetch() otherwise
$galTotal = $row[0];

Explosion Pills answered Oct 23 '22 21:10