For a feedback form that will dump user comments into a MySQL table, I'm unsure which bind_param type to use for the user-supplied feedback text (MySQL field type = text)
function sql_ins_feedback($dtcode, $custip, $name, $email, $subject, $feedback)
{
    global $mysqli;  // open mysqli connection created elsewhere

    // Six positional placeholders; the values never touch the SQL string itself.
    if ($stmt = $mysqli->prepare("INSERT INTO feedback (dtcode,custip,name,email,subject,feedback) VALUES (?,?,?,?,?,?)")) {
        // One type character per placeholder, in order: all bound as strings here.
        $stmt->bind_param("ssssss", $dtcode, $custip, $name, $email, $subject, $feedback);
        $stmt->execute();
        $stmt->close();
    }
    // Note: if prepare() fails (bad SQL, missing table) nothing is inserted and no error is raised.
}
OR THIS?
$stmt->bind_param("sssssb", $dtcode,$custip,$name,$email,$subject,$feedback);
So, is the blob type the correct bind_param type for a text field?
What is the size limit for a bind_param("s") type?
Is there anything else one must do when using bind_param("b") ? The manual (and something else I read somewhere/sometime) suggests blob types are treated differently -- anything I should know?
Thanks
Then, have a look at the bind_param() function: $stmt->bind_param("sss", $firstname, $lastname, $email); This function binds the parameters to the SQL query and tells the database what the parameters are. The "sss" argument lists the types of data that the parameters are.
You must always use prepared statements for any SQL query that would contain a PHP variable. To do so, always follow the steps below: Create a correct SQL SELECT statement.
Definition and Usage: The prepare() / mysqli_prepare() function is used to prepare an SQL statement for execution.
The PHP mysqli_stmt_bind_param() function is used to bind variables to a prepared statement as parameters in PHP MySQLi procedural style. For example:
The PHP bind_param() function is used to bind variables to a prepared statement, as parameters, in PHP MySQLi object-oriented style. For example:
Bind variables for the parameter markers in the SQL statement prepared by mysqli_prepare() or mysqli_stmt_prepare(). If the data size of a variable exceeds the max. allowed packet size (max_allowed_packet), you have to specify b in types and use mysqli_stmt_send_long_data() to send the data in packets.
If, when trying to bind a string param, you get a "Number of variables doesn't match number of parameters in prepared statement" error, make sure you're not wrapping the question mark in quotes: SELECT something FROM table WHERE param_name = "?"
This actually depends on the MySQL server. The default max size for all data combined in the entire query is 1 MB. See: http://dev.mysql.com/doc/refman/5.1/en/packet-too-large.html
If your data combined is under that "max_allowed_packet" threshold, just use "s" for the binding type for any text field. In fact, you can usually get away with using "s" for any field type at all (date, float, etc.).
If the entire entry you want to insert is over 1 MB (or whatever you reset it to) in length, you'll want to use the mysqli_stmt::send_long_data() method and the "b" binding type to send this particular field in chunks.
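To make the two cases in the answer above concrete (and the manual's note on send_long_data() quoted earlier), here is an added example that is not part of the original question or answer. It assumes the six-column `feedback` table from the question and an already-connected `$mysqli` object; the helper names `sql_max_allowed_packet`, `sql_ins_feedback_long` and `CHUNK_SIZE` are illustrative and not from the page. It reads the server's max_allowed_packet, binds the TEXT column as "s" when the whole parameter set fits in one packet, and otherwise binds it as "b" and streams it with send_long_data() before execute(). In both branches the comment text remains a bound parameter, so it is never interpolated into the SQL string; the type letter only changes how the client ships the bytes.

```php
<?php
// Added example, not code from the original post. Assumes a connected $mysqli,
// the `feedback` table from the question, and that $feedback is already a PHP string.

// Throw mysqli_sql_exception on failure instead of silently skipping the insert.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Chunk size for send_long_data(); each chunk must itself fit in max_allowed_packet.
const CHUNK_SIZE = 65536; // 64 KiB (illustrative choice)

/**
 * Returns the server-side max_allowed_packet in bytes.
 */
function sql_max_allowed_packet(mysqli $mysqli): int
{
    $row = $mysqli->query("SELECT @@max_allowed_packet AS p")->fetch_assoc();
    return (int) $row['p'];
}

/**
 * Inserts one feedback row and returns its auto-increment id.
 * Small payloads: bind the TEXT column as "s".
 * Large payloads: bind it as "b" and stream it with send_long_data().
 */
function sql_ins_feedback_long(
    mysqli $mysqli,
    string $dtcode,
    string $custip,
    string $name,
    string $email,
    string $subject,
    string $feedback
): int {
    $stmt = $mysqli->prepare(
        "INSERT INTO feedback (dtcode,custip,name,email,subject,feedback) VALUES (?,?,?,?,?,?)"
    );

    // Rough size of the execute packet: every bound value plus some protocol overhead.
    $payload = strlen($dtcode) + strlen($custip) + strlen($name)
             + strlen($email) + strlen($subject) + strlen($feedback) + 1024;

    if ($payload < sql_max_allowed_packet($mysqli)) {
        // Fits in one packet: a TEXT column needs nothing more than "s".
        $stmt->bind_param("ssssss", $dtcode, $custip, $name, $email, $subject, $feedback);
    } else {
        // Too large for one packet: bind a placeholder as "b"; the bound variable's
        // content is ignored and the data is supplied by send_long_data() instead.
        $placeholder = null;
        $stmt->bind_param("sssssb", $dtcode, $custip, $name, $email, $subject, $placeholder);

        // Parameter index is 0-based: feedback is the sixth placeholder, so index 5.
        foreach (str_split($feedback, CHUNK_SIZE) as $chunk) {
            $stmt->send_long_data(5, $chunk);
        }
    }

    $stmt->execute();
    $id = (int) $stmt->insert_id;
    $stmt->close();
    return $id;
}

// Usage with constructed sample input (connection details are placeholders):
// $mysqli = new mysqli('localhost', 'app', 'secret', 'site');
// $id = sql_ins_feedback_long($mysqli, '20240101', '203.0.113.7', 'Ann', 'ann@example.com',
//                             'hello', str_repeat('long comment ', 200000));
```

Two practical checks: keep CHUNK_SIZE well below max_allowed_packet (the limit applies per packet, including each send_long_data() call), and enable mysqli exception reporting as above so a failed prepare() or an oversized execute() surfaces as an error rather than a silently missing row.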