
PHP, MSSQL, SQLSRV (prepared) driver; How do I get the ID of the row I've just inserted?

I'm looking to produce the last inserted id using SQLSRV. I need to use a prepared statement though. I've seen an answer on here (see link after the code below) showing how to do it, but the statement isn't prepared for anti-sql injection purposes.

//Prep the variables for insert
$p1 = $_POST['description'];
$p2 = intval($_POST['visible']);
$p3 = strval($_POST['whoToShow']);

//Build an array with those variables
$params = array(&$p1, &$p2, &$p3);

//Build the SQL
$sql = "INSERT INTO notifications (description, visible, whoToShow) VALUES (?, ?, ?)";

//Execute the sql using a prepared statement, passing the variables in an array
$stmt = sqlsrv_prepare($conn, $sql, $params) or die(FormatErrors(sqlsrv_errors())); 

Please review Microsoft´s sqlsrv driver for PHP not returning any result when querying "SELECT SCOPE_IDENTITY() AS id" on Stack Overflow for details on getting the last inserted ID using a non prepared statement.

Thank you in advance for your support.

Consider using a stored procedure instead of a direct INSERT statement. Using a stored procedure is better as you can return a recordset from the stored procedure which would include the ID of the inserted record.

I'm using Microsoft SQL Server with my PHP. I am using the mssql_query library to connect to SQL server. Not sure if it makes a difference, but I see you're using a different library to connect. Every query we do is through stored procedures. It's far more efficient and definitely more secure.

$myServer = "xxxxxxx";
$myUser = "xxxxxxxx";
$myPass = "xxxxxxx";
$myDB = "myDatabase";
//connection to the database
$dbhandle = mssql_connect($myServer, $myUser, $myPass)
or die("Couldn't connect to SQL Server on $myServer");
//select a database to work with
$selected = mssql_select_db($myDB, $dbhandle)
or die("Couldn't open database $myDB");

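//Bind the session values as procedure parameters instead of concatenating them into the query string
//(assumes @sid is an integer parameter, as its unquoted use suggests, and @cc is a varchar)
$sid = intval($_SESSION['sid']);
$cc = strval($_SESSION['cc']);
$stmt = mssql_init('eCommerce.dbo.cart_GET_Detail', $dbhandle);
mssql_bind($stmt, '@sid', $sid, SQLINT4);
mssql_bind($stmt, '@cc', $cc, SQLVARCHAR);

$result = mssql_execute($stmt);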
$numRows = mssql_num_rows($result);
$hasItems = (($numRows == 0) ? 'N' : 'Y');

while ($RSLoop = mssql_fetch_array($result)) {
    //var_dump($RSLoop);  //var_dump will show you everything in the recordset
    echo '<tr><td colspan=6 width=720 class=cartDivider>&nbsp;</td></tr>';
    echo '<form name=frmProduct'.$idx.' method=POST action=_action.asp>';
    echo '<input type=hidden name=pid value="'.$RSLoop['product_id'].'">';
}

That was a call to a stored procedure to get the contents of the shopping cart stored in a SQL table. Doing an insert on a stored procedure is similar. You should be able to find some code samples on SQL Server stored procedures.
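
Added example (not from the original question or answer): one way to keep the INSERT parameterized and still read the new ID is to send `SELECT SCOPE_IDENTITY()` in the same prepared batch and step to its result set with `sqlsrv_next_result()`. The function name `insertNotification` is hypothetical, and `$conn` is assumed to be an open sqlsrv connection to a database where `notifications` has an IDENTITY column.

```php
<?php
// Added example: parameterized INSERT that also returns the new identity value.
// Assumptions: $conn is an open sqlsrv connection; the notifications table
// from the question has an IDENTITY column. insertNotification is a made-up name.
function insertNotification($conn, string $description, int $visible, string $whoToShow): int
{
    // One batch, one scope: SCOPE_IDENTITY() reports the identity generated by
    // this INSERT only. User input travels solely through the ? placeholders.
    $sql = "INSERT INTO notifications (description, visible, whoToShow) VALUES (?, ?, ?); "
         . "SELECT SCOPE_IDENTITY() AS id;";
    $params = array(&$description, &$visible, &$whoToShow);

    $stmt = sqlsrv_prepare($conn, $sql, $params);
    if ($stmt === false) {
        // Log the driver errors server-side; do not echo them to the client.
        throw new RuntimeException('prepare failed: ' . print_r(sqlsrv_errors(), true));
    }
    try {
        if (sqlsrv_execute($stmt) === false) {
            throw new RuntimeException('execute failed: ' . print_r(sqlsrv_errors(), true));
        }
        // The first result is the INSERT's row count; advance to the SELECT.
        if (sqlsrv_next_result($stmt) !== true) {
            throw new RuntimeException('no identity result: ' . print_r(sqlsrv_errors(), true));
        }
        $row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC);
        if (!is_array($row) || $row['id'] === null) {
            throw new RuntimeException('INSERT produced no identity value');
        }
        // SCOPE_IDENTITY() is numeric(38,0), which the driver returns as a string.
        return (int) $row['id'];
    } finally {
        sqlsrv_free_stmt($stmt);
    }
}

// Usage, with the same input handling as the question:
// $id = insertNotification($conn, $_POST['description'],
//                          intval($_POST['visible']), strval($_POST['whoToShow']));
```

The same placeholder binding applies when the INSERT lives in a stored procedure: a procedure invoked through a concatenated `exec` string gets no injection protection from being a procedure.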
