Click here to Skip to main content
15,888,461 members
Search within:


Stored procedure - assigning a value to a parameter
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
PHP
MySQL
Hello, I have a stored procedure that takes an IN parameter. I would like to retrieve a specific data in my array based on a string. I'm trying to understand how it works and I can't get the value of the parameter.

Thanks for your help in advance.

PS: I specify that I use a PDO connection

What I have tried:

Here is where the call is made:

PHP
$value = 'France';
$request = $bdd->query("CALL select_customer($value)");

while ($data = $request->fetch()) {
	echo $data['cust_name'].'<br/>';
}
Posted
Updated 19-Oct-21 21:02pm
v4
Add a Solution

2 solutions

You can use sqlparameter of type OUT in a stored procedure.
See https://www.sqlshack.com/learn-mysql-the-basics-of-mysql-stored-procedures/#:~:text=The%20MySQL%20Stored%20procedure%20parameter,output%20generated%20by%20SQL%20Statements.[^] for more details.
 
Share this answer
 
Posted
v2
I find my error :

PHP
$request = $bdd->query("CALL select_customer('$value')");


I forget to add single quote around the $value. And it works
 
Share this answer
 
Posted
Comments
Richard Deeming 20-Oct-21 11:28am    
Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]
PHP: Prepared statements and stored procedures - Manual[^]
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise
Privacy
Cookies
Terms of Use
Last Updated 20 Oct 2021
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900