Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>You can write this instead:</p> <pre><code>$qry = "SELECT * FROM mytable where userid='"; $qry.= mysql_real_escape_string($_GET['userid'])."' AND category='"; $qry.= mysql_real_escape_string($_GET['category'])."' ORDER BY id DESC"; </code></pre> <p>But to use prepared statements you better use a generic library, like <a href="http://php.net/manual/en/pdo.prepare.php" rel="noreferrer">PDO</a></p> <pre><code>&lt;?php /* Execute a prepared statement by passing an array of values */ $sth = $dbh-&gt;prepare('SELECT * FROM mytable where userid=? and category=? order by id DESC'); $sth-&gt;execute(array($_GET['userid'],$_GET['category'])); //Consider a while and $sth-&gt;fetch() to fetch rows one by one $allRows = $sth-&gt;fetchAll(); ?&gt; </code></pre> <p>Or, using <a href="http://php.net/manual/en/mysqli.prepare.php" rel="noreferrer">mysqli</a></p> <pre><code>&lt;?php $link = mysqli_connect("localhost", "my_user", "my_password", "world"); /* check connection */ if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit(); } $category = $_GET['category']; $userid = $_GET['userid']; /* create a prepared statement */ if ($stmt = mysqli_prepare($link, 'SELECT col1, col2 FROM mytable where userid=? and category=? order by id DESC')) { /* bind parameters for markers */ /* Assumes userid is integer and category is string */ mysqli_stmt_bind_param($stmt, "is", $userid, $category); /* execute query */ mysqli_stmt_execute($stmt); /* bind result variables */ mysqli_stmt_bind_result($stmt, $col1, $col2); /* fetch value */ mysqli_stmt_fetch($stmt); /* Alternative, use a while: while (mysqli_stmt_fetch($stmt)) { // use $col1 and $col2 } */ /* use $col1 and $col2 */ echo "COL1: $col1 COL2: $col2\n"; /* close statement */ mysqli_stmt_close($stmt); } /* close connection */ mysqli_close($link); ?&gt; </code></pre>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload