Posted by Michael Fesser on 08/29/07 11:16

..oO(sugapablo)

>On Aug 29, 6:36 am, Michael Fesser <neti...@gmx.de> wrote:
>
>> The ID is numeric, so it should not be treated as a string.
>
>That's not the point. Regardless of what parameters I'm trying to
>bind to any SQL statement I make, the variables are not being binded.

Yep, it was just a general comment. Parameters should always be passed
with the correct type.

>It still passes -> select id,email from users where email = ''; to the
>server.
>
>
>> What does bind_param() return? If FALSE - is there an error message
>> (check the 'error' property of your statement)?
>
>It returns 1. No error.

Hmm. What's the version of the MySQL server and the client library
(check phpinfo() for the client and "mysql -V" on command line for the
server)?

Would it be possible to use PDO instead of mysqli?

Micha

[Back to original message]