1

Schema

id Primary  int(11)         No  None        AUTO_INCREMENT  
creation_date_time  datetime    
exp int(11)

Code

$now = 'now()';
$interval2 = 'now() + Interval 2 day';
$interval1 = 'now() + Interval 1 day';

if($stmt = $conn->prepare("SELECT * FROM xx WHERE creation_date_time >= ? AND creation_date_time <= ? AND creation_date_time > ?")) {
  $stmt->bind_param("sss", $now, $interval2, $interval1);
  $stmt->execute();
  $result = $stmt->get_result();
  print_r($result);
}

It works without prepared statement. Why does this not work and is there a need to use prepared statement in this case at all?

Improve this question

1 Answer 1

Reset to default
2

It doesn't work because you're trying to parameterise SQL code, not just a variable value. Therefore it gets treated as text instead of code.

Since you're not including variable input data in your query, there is no need to use parameters in this case at all.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.