How to check whether a value exists in a database using mysqli prepared statements
- The importance of prepared statements
- The full code
- The explanation
- Using the helper function
- Comments (2)
The importance of prepared statements
The below example is using mysqli prepared statements to select a value from a database. And that's the only way such queries must be run, because it prevents syntax errors and SQL injections.
The full code
To see whether some value exists in a database, we should never select the data itself, but only the count of rows that contains the requested value.
$sql = "SELECT count(1) FROM users WHERE name = ?";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param("s", $name);
$stmt->execute();
$stmt->bind_result($found);
$stmt->fetch();
if ($found)
{
echo "found :)";
} else {
echo "not found :'(";
}The explanation
Let's see what's going on here
$sql = "SELECT count(1) FROM users WHERE name = ?";The SQL query we are running here does have a peculiar fields part: in fact we aren't selecting any actual field from the table, but only the result of the aggregation function count(1). The 1 parameter doesn't have any actual meaning, and it could be any constant value. It says mysql to count all the rows returned.
$stmt = $mysqli->prepare();
$stmt->bind_param("s", $name);
$stmt->execute();that's usual prepare/execute stuff that executes our query and makes $name variable bound to a question mark in the query.
$stmt->bind_result($found);
$stmt->fetch();here we are storing the single result returned by the query (the result of count(1) function) to the $found variable.
Now $found variable contains the number of rows found. If no rows found, it contains 0, which is equal to FALSE when used in a conditional operator, while any other value will be counted as TRUE:
if ($found)
{
echo "found :)";
} else {
echo "not found :'(";
}Using the helper function
As you may notice, the amount of code is rather big for such a simple operation. But a programmer can always create their own tools, to automate repetitive routine tasks. And luckily, we have such a tool already, a simple mysqli helper function. Using this function the code will become as simple as
$sql = "SELECT count(1) FROM users WHERE name = ?";
$row = mysqli($mysqli, $sql, [$name])->get_result()->fetch_row();
$found = $row[0];
if ($found)
{
echo "found :)";
} else {
echo "not found :'(";
}Related articles:
- Mysqli tutorial (how to use it properly)
- How to connect properly using mysqli
- How to report errors in mysqli
- Mysqli helper function
- Why mysqli prepared statemens are so hard to use?
- Authenticating a user using mysqli and password_verify()
- How to get the number rows that has been actually changed
- Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given.
- Mysqli examples
- Mysqli's features you probably would like to know about
- How to run INSERT query using Mysqli
- How to use mysqli properly
Got a question?
I am the only person to hold a gold badge in
,
and
on Stack Overflow and I am eager to show the right way for PHP developers.
Besides, your questions let me make my articles even better, so you are more than welcome to ask any question you have.
Add a comment
Please refrain from sending spam or advertising of any sort.
Messages with hyperlinks will be pending for moderator's review.
Markdown is now supported:
>before and an empty line after for a quote