diff --git a/reference/mysqli/mysqli/query.xml b/reference/mysqli/mysqli/query.xml
index 4805db6150..3df7427eed 100644
--- a/reference/mysqli/mysqli/query.xml
+++ b/reference/mysqli/mysqli/query.xml
@@ -77,29 +77,46 @@
The query string.
-
- Data inside the query should be properly escaped.
-
+
+ Security warning: SQL injection
+
+ If the query contains any variable input then
+ parameterized
+ prepared statements should be used instead. Alternatively, the
+ data must be properly formatted and all strings must be escaped using
+ the mysqli_real_escape_string
+ function.
+
+ result_mode
- Either the constant MYSQLI_USE_RESULT or
- MYSQLI_STORE_RESULT depending on the desired
- behavior. By default, MYSQLI_STORE_RESULT is used.
+ The result mode can be one of 3 constants indicating how the result will
+ be returned from the MySQL server.
- If you use MYSQLI_USE_RESULT all subsequent calls
- will return error Commands out of sync unless you
- call mysqli_free_result
+ MYSQLI_STORE_RESULT (default) - returns a
+ mysqli_result object with buffered result set.
- With MYSQLI_ASYNC (available with mysqlnd), it is
- possible to perform query asynchronously.
+ MYSQLI_USE_RESULT - returns a
+ mysqli_result object with unbuffered result set.
+ As long as there are pending records waiting to be fetched, the
+ connection line will be busy and all subsequent calls will return error
+ Commands out of sync. To avoid the error all records
+ must be fetched from the server or the result set must be discarded by
+ calling mysqli_free_result.
+
+
+ MYSQLI_ASYNC (available with mysqlnd) - the query is
+ performed asynchronously and no result set is immediately returned.
mysqli_poll is then used to get results from such
- queries.
+ queries. Used in combination with either
+ MYSQLI_STORE_RESULT or
+ MYSQLI_USE_RESULT constant.
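Review bot: The fallback sentence in the new SQL injection warning ("the data must be properly formatted and all strings must be escaped using the mysqli_real_escape_string function") omits the two conditions under which escaping actually protects a query. The escaped value must sit inside a quoted string literal, and the connection character set must have been set with mysqli_set_charset so that escaping matches the encoding the server uses. Escaping does not help for values interpolated unquoted as numbers, or for identifiers such as table and column names. I would add a sentence to the warning such as `Escaping only protects values placed inside quoted string literals on a connection whose character set was set with mysqli_set_charset; numeric values must be validated or cast, and identifiers cannot be made safe by escaping.` The identical warning added to real-query.xml later in this diff needs the same sentence.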
@@ -110,9 +127,11 @@
&reftitle.returnvalues;
- Returns &false; on failure. For successful queries which produce a result set, such as SELECT, SHOW, DESCRIBE or
+ Returns &false; on failure. For successful queries which produce a result
+ set, such as SELECT, SHOW, DESCRIBE or
EXPLAIN, mysqli_query will return
- a mysqli_result object. For other successful queries, mysqli_query will
+ a mysqli_result object. For other successful queries,
+ mysqli_query will
return &true;.
@@ -125,90 +144,59 @@
connect_errno) {
- printf("Connect failed: %s\n", $mysqli->connect_error);
- exit();
-}
-
/* Create table doesn't return a resultset */
-if ($mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City") === TRUE) {
- printf("Table myCity successfully created.\n");
-}
+$mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City");
+printf("Table myCity successfully created.\n");
/* Select queries return a resultset */
-if ($result = $mysqli->query("SELECT Name FROM City LIMIT 10")) {
- printf("Select returned %d rows.\n", $result->num_rows);
-
- /* free result set */
- $result->close();
-}
+$result = $mysqli->query("SELECT Name FROM City LIMIT 10");
+printf("Select returned %d rows.\n", $result->num_rows);
/* If we have to retrieve large amount of data we use MYSQLI_USE_RESULT */
-if ($result = $mysqli->query("SELECT * FROM City", MYSQLI_USE_RESULT)) {
+$result = $mysqli->query("SELECT * FROM City", MYSQLI_USE_RESULT);
- /* Note, that we can't execute any functions which interact with the
- server until result set was closed. All calls will return an
- 'out of sync' error */
- if (!$mysqli->query("SET @a:='this will not work'")) {
- printf("Error: %s\n", $mysqli->error);
- }
- $result->close();
-}
-
-$mysqli->close();
-?>
+/* Note, that we can't execute any functions which interact with the
+ server until all records have been fully retrieved or the result
+ set was closed. All calls will return an 'out of sync' error */
+$mysqli->query("SET @a:='this will not work'");
]]>
&style.procedural;
+/* Note, that we can't execute any functions which interact with the
+ server until all records have been fully retrieved or the result
+ set was closed. All calls will return an 'out of sync' error */
+mysqli_query($link, "SET @a:='this will not work'");
]]>
- &examples.outputs;
+ &examples.outputs.similar;
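Review bot: The rewritten example drops every check on the return value of query(), so `$result = $mysqli->query("SELECT Name FROM City LIMIT 10");` is followed directly by `$result->num_rows`, which is only correct if exception reporting is enabled earlier in the listing. No such line is visible in this hunk, possibly because the start of the example lies outside it or was lost in rendering. Please confirm that both the object-oriented and procedural listings begin with `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);`. Without it a failed query returns false and the next line reads a property of false instead of reporting the error. Since the printf that used to show the error is gone, a comment at the `SET @a:='this will not work'` call would also help, for example `/* throws mysqli_sql_exception: Commands out of sync */`.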
@@ -220,6 +208,7 @@ Error: Commands out of sync; You can't run this command now
mysqli_real_querymysqli_multi_query
+ mysqli_preparemysqli_free_result
diff --git a/reference/mysqli/mysqli/real-query.xml b/reference/mysqli/mysqli/real-query.xml
index 59d170385d..e4e5f08fc5 100644
--- a/reference/mysqli/mysqli/real-query.xml
+++ b/reference/mysqli/mysqli/real-query.xml
@@ -40,11 +40,19 @@
query
- The query, as a string.
-
-
- Data inside the query should be properly escaped.
+ The query string.
+
+ Security warning: SQL injection
+
+ If the query contains any variable input then
+ parameterized
+ prepared statements should be used instead. Alternatively, the
+ data must be properly formatted and all strings must be escaped using
+ the mysqli_real_escape_string
+ function.
+
+