<?php
// Bare calls to PHP functions that were deprecated and later removed from the language.
// NOTE(review): this looks like a fixture for a compatibility/deprecation scanner rather than
// runnable code (every call is made without arguments) - confirm before reusing it.

// Dynamic method invocation; call_user_func() / call_user_func_array() are the supported forms.
call_user_method();
call_user_method_array();

define_syslog_variables();

// Loads an extension at run time.
dl();

// POSIX regex family; the preg_* functions are the supported replacement.
ereg();
ereg_replace();
eregi();
eregi_replace();

// Copies request parameters into the global scope, so request data can overwrite
// variables the script relies on.
import_request_variables();

mcrypt_generic_end();

// Legacy mysql_* extension. mysql_escape_string() does not take the connection
// character set into account; use bound parameters instead of escaping.
mysql_db_query();
mysql_escape_string();
mysql_list_dbs();

// Old mysqli aliases; the mysqli_stmt_* names (e.g. mysqli_stmt_bind_param()) replace them.
mysqli_bind_param();
mysqli_bind_result();
mysqli_client_encoding();
mysqli_fetch();
mysqli_param_count();
mysqli_get_metadata();
mysqli_send_long_data();

magic_quotes_runtime();

// Pre-$_SESSION session API tied to register_globals.
session_register();
session_unregister();
session_is_registered();

set_magic_quotes_runtime();

// Old name of stream_set_blocking().
set_socket_blocking();

// POSIX regex based splitting; preg_split() or explode() replace these.
split();
spliti();
sql_regcase();
<?php
// Quiz: consider the following code snippet.

// The four ? placeholders keep the values out of the SQL text; they are supplied as bound parameters.
$query = "INSERT INTO mytable \n (myinteger, mydouble, myblob, myvarchar)\n VALUES (?, ?, ?, ?)";
$statement = mysqli_prepare($link, $query);
if (!$statement) {
    // NOTE(review): die(mysqli_error()) prints the raw database error to whoever issued the
    // request; production code should log it and return a generic message.
    die(mysqli_error($link));
}

/* The variables being bound to by MySQLi don't need to exist prior to binding */
// "idbs" gives one type per placeholder: i = integer, d = double, b = blob, s = string.
// NOTE(review): mysqli_bind_param() is the old alias of mysqli_stmt_bind_param() and has been
// removed from current PHP; the snippet is kept as the quiz presents it.
mysqli_bind_param($statement, "idbs", $myinteger, $mydouble, $myblob, $myvarchar);

/* ???????????? */

/* execute the query, using the variables as defined. */
if (!mysqli_execute($statement)) {
    die(mysqli_error($link));
}

// Assuming this snippet is a smaller part of a correctly written script, what actions must occur
// in place of the ????? in the above code snippet to insert a row with the following values:
// 10, 20.2, foo, string ?
/*
1) A transaction must be begun and the variables must be assigned
2) Each value must be assigned prior to calling mysqli_bind_param(), and thus nothing should be done
3) Use mysqli_bind_value() to assign each of the values
4) Assign $myinteger, $mydouble, $myblob, $myvarchar the proper values

http://php.net/manual/en/mysqli-stmt.bind-param.php
*/
// Hint: bind_param binds the variables by reference, so their values are read when the
// statement is executed, not when they are bound.
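/**
 * Updates one row of the employees table with the fields of $item.
 *
 * Every value, including the id in the WHERE clause, is passed as a bound
 * parameter of a prepared statement, so no field of $item is ever
 * concatenated into the SQL text.
 *
 * NOTE(review): no access check is visible in this method; presumably the
 * caller verifies that the current user may modify the employee identified
 * by $item->id - confirm.
 *
 * @param object $item Employee record; the properties read are firstname,
 *                     lastname, title, departmentid, officephone, cellphone,
 *                     email, street, city, state, zipcode, office, photofile
 *                     and id.
 *
 * @return void
 */
public function updateEmployee($item)
{
    $stmt = mysqli_prepare($this->connection, "UPDATE employees SET\n\t\t\tfirstname=?,lastname=?,title=?,departmentid=?,officephone=?,cellphone=?, \t\n\t\t\temail=?,street=?,city=?,state=?,zipcode=?,office=?,photofile=?\n\t\t\tWHERE id=?");
    $this->throwExceptionOnError();

    // mysqli_stmt_bind_param() is the supported name: the mysqli_bind_param()
    // alias used previously was removed from PHP, where calling it is a fatal
    // "undefined function" error. The type string has one letter per
    // placeholder: departmentid and id are bound as integers, the rest as strings.
    mysqli_stmt_bind_param(
        $stmt,
        'sssisssssssssi',
        $item->firstname,
        $item->lastname,
        $item->title,
        $item->departmentid,
        $item->officephone,
        $item->cellphone,
        $item->email,
        $item->street,
        $item->city,
        $item->state,
        $item->zipcode,
        $item->office,
        $item->photofile,
        $item->id
    );
    $this->throwExceptionOnError();

    mysqli_stmt_execute($stmt);
    $this->throwExceptionOnError();

    mysqli_stmt_free_result($stmt);
    // The connection is closed after every update, as in the original code.
    mysqli_close($this->connection);
}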