Home > Software design >  Prepared statement not working when binding it with sql functions
Prepared statement not working when binding it with sql functions

Time:10-03

Schema

id Primary  int(11)         No  None        AUTO_INCREMENT  
creation_date_time  datetime    
exp int(11)

Code

$now = 'now()';
$interval2 = 'now()   Interval 2 day';
$interval1 = 'now()   Interval 1 day';

if($stmt = $conn->prepare("SELECT * FROM xx WHERE creation_date_time >= ? AND creation_date_time <= ? AND creation_date_time > ?")) {
  $stmt->bind_param("sss", $now, $interval2, $interval1);
  $stmt->execute();
  $result = $stmt->get_result();
  print_r($result);
}

It works without prepared statement. Why does this not work and is there a need to use prepared statement in this case at all?

CodePudding user response:

It doesn't work because you're trying to parameterise SQL code, not just a variable value. Therefore it gets treated as text instead of code.

Since you're not including variable input data in your query, there is no need to use parameters in this case at all.

Page link:https//www.codepudding.com/Softwaredesign/137100.html

Prev:Laravel table update issue General error: 1364 Field 'start_date' doesn't have a defa
Next:looping through object in the DOM
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding