I'm playing around with MySQLi at the moment, trying to figure out how it all works. In my current projects I always like to echo out a query string while coding, just to make sure that everything is correct, and to quickly debug my code. But... how can I do this with a prepared MySQLi statement? Example: <pre class="prettyprint"><code>$id = 1; $baz = 'something'; if ($stmt = $mysqli->prepare("SELECT foo FROM bar WHERE id=? AND baz=?")) { $stmt->bind_param('is',$id,$baz); // how to preview this prepared query before acutally executing it? // $stmt->execute(); }</code></pre> I've been going through this list (http://www.php.net/mysqli) but without any luck. EDIT Well, if it's not possible from within MySQLi, maybe I'll stick with something like this: <pre class="prettyprint"><code>function preparedQuery($sql,$params) { for ($i=0; $i<count($params); $i++) { $sql = preg_replace('/\?/',$params[$i],$sql,1); } return $sql; } $id = 1; $baz = 'something'; $sql = "SELECT foo FROM bar WHERE id=? AND baz=?"; echo preparedQuery($sql,array($id,$baz)); // outputs: SELECT foo FROM bar WHERE id=1 AND baz=something </code></pre> Far from perfect obviously, since it's still pretty redundant — something I wanted to prevent — and it also doesn't give me an idea as to what's being done with the data by MySQLi. But I guess this way I can quickly see if all the data is present and in the right place, and it'll save me some time compared to fitting in the variables manually into the query — that can be a pain with many vars.

I don't think you can - at least not in the way that you were hoping for. You would either have to build the query string yourself and execute it (ie without using a statement), or seek out or create a wrapper that supports that functionality. The one I use is Zend_Db, and this is how I would do it: <pre class="prettyprint"><code>$id = 5; $baz = 'shazam'; $select = $db->select()->from('bar','foo') ->where('id = ?', $id) ->where('baz = ?', $baz); // Zend_Db_Select will properly quote stuff for you print_r($select->__toString()); // prints SELECT `bar`.`foo` FROM `bar` WHERE (id = 5) AND (baz = 'shazam') </code></pre>

How to echo a MySQLi prepared statement?

I'm playing around with MySQLi at the moment, trying to figure out how it all works. In my current projects I always like to echo out a query string while coding, just to make sure that everything is correct, and to quickly debug my code. But... how can I do this with a prepared MySQLi statement?

Example:

$id = 1; $baz = 'something';  if ($stmt = $mysqli->prepare("SELECT foo FROM bar WHERE id=? AND baz=?")) {   $stmt->bind_param('is',$id,$baz);   // how to preview this prepared query before acutally executing it?   // $stmt->execute(); }

I've been going through this list (http://www.php.net/mysqli) but without any luck.

EDIT

Well, if it's not possible from within MySQLi, maybe I'll stick with something like this:

function preparedQuery($sql,$params) {   for ($i=0; $i<count($params); $i++) {     $sql = preg_replace('/\?/',$params[$i],$sql,1);   }   return $sql; }  $id = 1; $baz = 'something';  $sql = "SELECT foo FROM bar WHERE id=? AND baz=?";  echo preparedQuery($sql,array($id,$baz));  // outputs: SELECT foo FROM bar WHERE id=1 AND baz=something

Far from perfect obviously, since it's still pretty redundant — something I wanted to prevent — and it also doesn't give me an idea as to what's being done with the data by MySQLi. But I guess this way I can quickly see if all the data is present and in the right place, and it'll save me some time compared to fitting in the variables manually into the query — that can be a pain with many vars.

What is a mysqli prepared statements?

A prepared statement is a feature used to execute the same (or similar) SQL statements repeatedly with high efficiency. Prepared statements basically work like this: Prepare: An SQL statement template is created and sent to the database.

What is $STMT in PHP mysqli?

" $stmt " obviously (I think) stands for "statement". As a variable name it's arbitrary, you can name that variable anything you want. $stmt is just rather idiomatic. A prepared statement as such is a database feature.

What is PDO prepared statement?

In layman's terms, PDO prepared statements work like this: Prepare an SQL query with empty values as placeholders with either a question mark or a variable name with a colon preceding it for each value. Bind values or variables to the placeholders. Execute query simultaneously.

Does mysqli prevent SQL injection?

Another way you can protect your code against SQL injections is by using prepared statements. Prepared statements are precompiled SQL commands. They can be used with a specific database access library (such as mysqli) or with the more generic library PDO.

I don't think you can - at least not in the way that you were hoping for. You would either have to build the query string yourself and execute it (ie without using a statement), or seek out or create a wrapper that supports that functionality. The one I use is Zend_Db, and this is how I would do it:

$id = 5; $baz = 'shazam'; $select = $db->select()->from('bar','foo')                        ->where('id = ?', $id)                        ->where('baz = ?', $baz); // Zend_Db_Select will properly quote stuff for you print_r($select->__toString()); // prints SELECT `bar`.`foo` FROM `bar` WHERE (id = 5) AND (baz = 'shazam')

How to echo a MySQLi prepared statement?

Tags:

php

mysqli

Alec

People also ask

1 Answers

karim79

Recent Activity

Donate For Us

How to echo a MySQLi prepared statement?

Tags:

php

mysqli

Alec

People also ask

1 Answers

karim79

Related questions

Recent Activity

Donate For Us