PHP/MySQL Understanding What is Returned by Prepared Statement

Question

Sorry for the VERY newbie question - I'm an experienced programmer trying to get my head around LAMP data retrieval. Unfortunately what I'm trying to ask is so basic I can't find an answer!

I'm building a simple login script and have the following:

$sparklyUsername = strtolower($_POST['sparklyUsername']);
$sparklyPassword = $_POST['sparklyPassword'];

if($stmt = $sparklyDatabaseConnection -> prepare("SELECT username FROM SYS_users WHERE username=?")) {

$stmt -> bind_param("s", $sparklyUsername); 
$stmt -> execute(); /* Execute the query */
$stmt -> bind_result($result);
$stmt -> fetch();

Now that is all working fine but what if I try and retrieve more than one column, for example:

if($stmt = $sparklyDatabaseConnection -> prepare("SELECT username, password, email FROM SYS_users WHERE username=?")) {

I get an error "Number of bind variables doesn't match number of fields in prepared statement".

Now I am used to VBScript where a query like this returns a recordset (eg resultsRS("") ) which you then query with a column name (eg resultsRS("username") ) to get a specific column but from what I can gather, with the code above I bind each column return to a single variable like this:

$stmt -> bind_result($username, $password, $email);

If that's the case, how do I check if now row has been returned at all? In VBScript I would check if the recordset is empty (eg IF resultsRS.EOF ).

And if I need to loop through all the records returned, all the examples I've seen show something like this:

while ($row = $result->fetch_assoc()) {

But if that seems to create a row from what I would expect to be a column!

Sorry - I know I'm missing some fundamental difference here between how returned data is handled in PHP and VBScript - just waiting fro a eureka moment!

Thanks in advance for any and all help.

Bob

PS Yes I have the O'Reilly Programming PHP book but there's just no detail about this in there!

Answer 1

What is Returned by Prepared Statement

It's a long story. And book writers usually have not a slightest idea on it.

What you really need to know id that mysqli prepared statements aren't intended to be used in the application code as is, but only as a source material for the higher level abstraction library.

So, If you aren't going to write one, just quit using mysqli, but move for PDO . It has FAR more intuitive API and all the familiar ways to get the result.

$sql  = "SELECT username, password, email FROM SYS_users WHERE username=?";
$stmt = $pdo->prepare($sql);
$stmt->execute(array($_POST['sparklyUsername']));
$row  = $stmt->fetch();

it will indeed create a row, which columns you can address like $row['username']

this way you will have your data no matter how many fields requested. And you can put fetch() into while loop as well.

Answer 2

In the while loop you will need to have the rows with column name eg

while ($row = $result->fetch_assoc()) {
      echo $row['first_name']; // or whatever your column is called
}