-2

I have this line of code:

$search = mysqli_query($mysqli, "SELECT * FROM list WHERE ID= '$name' ");

And I want do it like this:

$example = $mysqli->prepare('SELECT * FROM list (ID) VALUES (?)');

But the problem is that I need enter the part "mysqli_query($mysqli,", how can I add it to my second line of code¿?

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
ALEX
  • 1

1 Answers1

0

SQL syntax doesn't change when you use prepared statements. You just replace the variable with a placeholder.

$statement = $mysql->prepare("SELECT * FROM list WHERE ID= ? ");
$statement->bind_param("s", $name);
$statement->execute();
Barmar
  • 741,623
  • 53
  • 500
  • 612
  • Don't work doing it – ALEX Dec 20 '18 at 22:59
  • What part of it isn't working? – Barmar Dec 20 '18 at 22:59
  • Then I try use the second code with mysqli_num_rows and no work doing it with prepared statements – ALEX Dec 20 '18 at 23:01
  • 1
    Read a tutorial on mysqli prepared statements, you don't read the results the same way. You have to use `$statement->bind_result()`. – Barmar Dec 20 '18 at 23:04
  • http://php.net/manual/en/mysqli.quickstart.prepared-statements.php – spencer7593 Dec 20 '18 at 23:08
  • No work colleague – ALEX Dec 20 '18 at 23:09
  • 1
    Describing the observed behavior as "don't work" or "no work" is practically *useless* in providing any meaningful information about the actual behavior that is observed. Barmar answered the question that was asked. Don't muck with `mysqli_num_rows`. Just do a fetch, and check if that's successful. Id we need a count of the number of rows, then we can increment a counter in a fetch loop. Also ditch the `*` in the SELECT list and explicitly list the expressions to be returned. If all we need is a count, we can use a COUNT() aggregate in the SELECT list, and get the value from the fetched row. – spencer7593 Dec 20 '18 at 23:16