PHP MySqli Prepared statements - Procedural Style

mysqli_stmt_init( $mysqli-link ) Initializes a statement and returns an object for use with mysqli_stmt_prepare
mysqli_prepare( $mysqli-link, $query ) Prepare an SQL statement for execution
mysqli_stmt_bind_param( $mysqli-link, 'bind-params', $var ) Binds variables to a prepared statement as parameters. Bind parameters: s - string, b - blob, i - int, d - double
mysqli_stmt_execute( $stmt ) Executes a prepared Query
mysqli_stmt_errno( $stmt ) Returns the error code for the most recent statement call
mysqli_stmt_affected_rows( $stmt ) Returns the total number of rows changed, deleted, or inserted by the last executed statement
mysqli_stmt_close( $stmt ) Closes a prepared statement

  //... connect to database
 @$conn = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);

 if (mysqli_connect_errno())  {
   print('Connect failed: '. mysqli_connect_error());
   exit;
 }

... SELECT

 //... connect to database
 $stmt = mysqli_stmt_init($conn);
 if ($stmt = mysqli_prepare($conn, "SELECT name,password FROM admin_login WHERE email=? "))  {
   /* bind parameters */
   mysqli_stmt_bind_param($stmt, "s", $email);

   /* execute query */
   mysqli_stmt_execute($stmt);

   /* bind result variables */
   mysqli_stmt_bind_result($stmt, $name, $password);

   /* fetch value */
   mysqli_stmt_fetch($stmt);

   echo $name .' - '. $password;

   /* close statement */
   mysqli_stmt_close($stmt);
 }

... INSERT
short version

 //... connect to database
 $stmt = mysqli_stmt_init($conn);

 if ($stmt = mysqli_prepare($conn, "INSERT INTO users (username,password,email) WHERE VALUES (?, ?, ?) ")  {
   /* bind parameters */
  mysqli_stmt_bind_param($stmt, "sss", $username,$password,$email);

   /* execute query */
   mysqli_stmt_execute($stmt);

   /* close statement */
   mysqli_stmt_close($stmt);

      /* close connection */
   mysqli_close($link);
 }

long version

$stmt = mysqli_stmt_init($conn);
if ($stmt = mysqli_prepare($conn, "INSERT users (username,password,email) VALUES (?, ?, ?)"))  {
   mysqli_stmt_bind_param($stmt, "sss", $username,$password,$email);
   mysqli_stmt_execute($stmt);

   // if record exist
   if  (mysqli_stmt_errno($stmt) == 1062) {
        echo "Duplicate! record";  // or insert javascript pop up
        //   of 
    // if (mysqli_stmt_affected_rows($stmt) != 1) {  
    // if record is add then return=1 if is not add then  return is  -1
        echo  "oopsss record not add into database... ";
        mysqli_stmt_close($stmt);
    } else {
       echo mysqli_stmt_affected_rows($stmt).' records inserted into database.';
       mysqli_stmt_close($stmt);
    }
 } else {
     echo "ERROR: Could not prepare SQL statement.";
 }
mysqli_close($conn);

... UPDATE
short version

 //... connect to database
 $stmt = mysqli_stmt_init($conn);
 $query="UPDATE users SET  username WHERE   id = ?  ";
 if ($stmt = mysqli_prepare($conn,$query)){
   /* bind parameters */
   mysqli_stmt_bind_param($stmt, "si", $username,$id);
   /* execute query */
   mysqli_stmt_execute($stmt);
   echo "Record Updated:";
   echo mysqli_affected_rows($connection);
   /* close statement */
   mysqli_stmt_close($stmt);
}else{
  echo mysqli_error($conn);
}
/* close connection */
mysqli_close($conn);

long version

//... connect to database
if ($stmt = $conn->prepare("UPDATE users SET username=?, password=?,email=? WHERE id=?")) {
    $stmt->bind_param("sssi", $username,$password,$email,$id);
    $stmt->execute();

    if($stmt->affected_rows != 1) {
      echo  "oopsss record not add into database... ";
      $stmt->close();
     } else {
       echo $stmt->affected_rows.' records inserted into database.';
       $stmt->close();
    }
}
  // show an error if the query has an error
  else {
      //echo "ERROR: Could not prepare SQL statement.";
      echo "<script type=\"text/javascript\">
       function error_popup(){
      document.getElementById('erroradd').style.display='none';}
      setTimeout('error_popup();', 5000);
      </script>
     <div id=\"erroradd\">ERROR: Could not prepare SQL statement.</div>";
     mysqli_close($conn);
}

... DELETE

 //... connect to database
$stmt = mysqli_stmt_init($conn);
$query="DELETE FROM  users   WHERE   email = ? AND username = ? ";
 if  ($stmt = mysqli_prepare($conn,$query)){
   /* bind parameters */
  mysqli_stmt_bind_param($stmt, "ss", $email,$username);
  /* execute query */
  mysqli_stmt_execute($stmt);
  echo "Record Deleted:";
  echo mysqli_affected_rows($conn);
   /* close statement */
   mysqli_stmt_close($stmt);
} else {
   echo mysqli_error($conn);
}
/* close connection */
mysqli_close($conn);

Links:
MySQL and PHP - Object oriented style
MySQL and PHP - Procedural Style
MySQL Operators
MySQL Data Types
PHP MySQL Improved Extension

mysqli_prepare(), mysqli_stmt_bind_param(), mysqli_stmt_execute(), mysqli_stmt_errno(), mysqli_stmt_affected_rows(), mysqli_stmt_close() - php.net

^ Top

Previous page: Convert a MySQL database to UTF-8
Next page: Format Factory