Prepared statement using PHP

Question

I'm new to PHP .. I get stuck on how to transfer my sql statement to prepared statement .. The error message that I got is that you " can't connect " ..

My code is as the following

$connection = mysql_connect($host,$username,$password) or die ("can't connect"); 


$select_database = mysql_select_db($db_name);
$id = mysql_real_escape_string ($_GET ['id']); 

$query = 'SELECT * from &tbl_name where id=?';
$stmt = $connection->prepare($query);
$stmt->bind_param("d", $id);
$stmt->execute();
$rows=mysql_fetch_array($stmt);
$stmt->close();

Answer 1

You have two problems actually.

The first, and relevant to your question, is on this line:

$connection = mysql_connect($host,$username,$password) or die ("can't connect");

You say you're receiving the error can't connect . This means that the host, username and/or password for your database connection is invalid. Check that the connection information is correct and you should be able to fix the issue.

The second is that you're connecting to your database with mysql_ functions and then trying to use mysqli_ binding/executing functions. You can't mix and match.

Because you're attempting to bind/execute with OOP style, here's a re-coded sample that should help out:

$connection = new mysqli($host, $username, $password);
if ($connection->connect_error) {
    die("can't connect");
}
$query = 'SELECT * from tbl_name where id=?';
$stmt = $connecton->prepare($query);
$stmt->bind_param("d", $id);
$results = $stmt->execute();
$rows = $results->fetch_array();
$stmt->close();

Answer 2

You cannot do prepared statements with the legacy mysql_* set of functions. You need to use PDO or MySQLi:

$dbh = new PDO("mysql:dbname=testdb;host=127.0.0.1", "username", "password");

$query = "SELECT * FROM myTable WHERE id=?";
$stmt = $dbh->prepare($query);
$stmt->execute(array($my_id));

$result = $stmt->fetchAll();

Answer 3

The "can't connect" you have comes from the die() function which will stop execution of your script if mysql_connect fails. This means that your code doesn't succeed creating a connection, check your $host , $username and $password parameters. If your host is remote, make sure that you have the rights to connect to it.

As pce stated, you also have a typo in $connecton which should be $connection

Answer 4

try

1.Define the Database const for later use in your project; (this code should only be executed once)

define( "DBN","foo");//where foo is the database name
define( "DB_USERNAME", "rootuser" ); //generally root
define( "DB_PASSWORD", "my_very_hard_password" ); //be more creative
define( "DB_DSN", "mysql:host=localhost;dbname=".DBN );

...

2.Create PDO Object and execute

$conn = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
$sql = "SELECT * from &tbl_name where id=:id";
$st = $conn->prepare( $sql );
$st->bindValue( ":id", $obj->id, PDO::PARAM_INT );  
// or $st->bindValue( ":id", 5, PDO::PARAM_INT );   
$st->execute();
return $st->fetchAll();