SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Addict
    Join Date
    Dec 2011
    4 Post(s)
    0 Thread(s)

    Stored Procedure to php pdo

    Here is my stored procedure

    			SELECT *
    		FROM guidance.dbo.vw_brw_StudentInfo 
    		WHERE stud_nID = @ID 
    		AND stud_sLastName = @LastName
            AND stud_sFirstName =@Firstname 
            AND datediff(d,stud_dBirthDate,@bday) =0
            INSERT INTO guidance.tbl_regStudent 
            VALUES (@ID,@email,@email,@regcode)
    And my php is

    PHP Code:
     $st $this->db->prepare("USE guidance EXEC guidance.CheckStudentExist {$sql}");
    $attribute_value = array();
    $attributes as $key => &$value) {
    $k =  ':'.$key;
    $key.' '.$value.'<br/>';
    $attribute_value[] = $st->bindParam($k$valuePDO::PARAM_STR);
    $val join("<br/> "$attribute_value);
    $col $st->fetchColumn();
                    if (
    $col >0)
    'Existing ';
                   else { echo 
    'not exist';} 
    My problem is it always print 'not exist' even if my data is correct and my insert query is executed.

    These are my attempts:
    1. I added $st->nextRowset()
    because it fixed the error 'he active result for the query contains no fields'.
    2. When I test my queries in SQL 2008 R2, there is error that says 'Invalid object name.'
    3. I am expecting that my fetchcolumn returns an int value. I choose IF EXIST over COUNT.

    Any idea? thank you.

  2. #2
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Poole, UK
    103 Post(s)
    0 Thread(s)
    I don't think that the use of @ is valid as a place holder. from the manual:

    The SQL statement can contain zero or more named (:name) or question mark (?) parameter markers for which real values will be substituted when the statement is executed. You cannot use both named and question mark parameter markers within the same SQL statement; pick one or the other parameter style. Use these parameters to bind any user-input, do not include the user-input directly in the query.
    You're always going (with your query) to have 4 values that need binding: ID, LastName, FirstName and bday. The rest should have already been sanitized, validated and escaped or bound and prepared in the past when the values were entered into the database. Just use the BindParam function four times instead of looping through. Also your inserting only 4 fields into the guidance.tbl_regStudent table so you should only select just them in the SELECT clause of the SELECT query part.
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts