Posted by Jerry Stuckle on 08/29/07 11:20

sugapablo wrote:
> On Aug 29, 6:36 am, Michael Fesser <neti...@gmx.de> wrote:
>
>> The ID is numeric, so it should not be treated as a string.
>
> That's not the point. Regardless of what parameters I'm trying to
> bind to any SQL statement I make, the variables are not being binded.
>

No, that is the point. You must use strings with string fields and
numerics with numeric fields in an rdb.

> If I try:
>
> <?php
>
> $email = "test@test.com";
>
> $sql = "select id,email from users where email = ?;";
> $stmt = $mysqli->prepare($sql);
> $stmt->bind_param('s', $email);
> $stmt->execute();
>
> ?>
>
> It still passes -> select id,email from users where email = ''; to the
> server.
>

How do you know? Last I checked there was no way in PHP to see the
results of a prepared statement with or without the bound values. Or
are you checking your MySQL log files?

>
>> What does bind_param() return? If FALSE - is there an error message
>> (check the 'error' property of your statement)?
>
> It returns 1. No error.
>
>
>

It does work. If it's not working for you, there is another problem. We
just need to figure out what it is.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]