PHP 8.3.4 Released!

mysqli::query

mysqli_query

(PHP 5, PHP 7, PHP 8)

mysqli::query -- mysqli_queryPerforms a query on the database

Description

Object-oriented style

public mysqli::query(string $query, int $result_mode = MYSQLI_STORE_RESULT): mysqli_result|bool

Procedural style

mysqli_query(mysqli $mysql, string $query, int $result_mode = MYSQLI_STORE_RESULT): mysqli_result|bool

Performs a query against the database.

Warning

Security warning: SQL injection

If the query contains any variable input then parameterized prepared statements should be used instead. Alternatively, the data must be properly formatted and all strings must be escaped using the mysqli_real_escape_string() function.

For non-DML queries (not INSERT, UPDATE or DELETE), this function is similar to calling mysqli_real_query() followed by either mysqli_use_result() or mysqli_store_result().

Note:

In the case where a statement is passed to mysqli_query() that is longer than max_allowed_packet of the server, the returned error codes are different depending on whether you are using MySQL Native Driver (mysqlnd) or MySQL Client Library (libmysqlclient). The behavior is as follows:

  • mysqlnd on Linux returns an error code of 1153. The error message means got a packet bigger than max_allowed_packet bytes.

  • mysqlnd on Windows returns an error code 2006. This error message means server has gone away.

  • libmysqlclient on all platforms returns an error code 2006. This error message means server has gone away.

Parameters

mysql

Procedural style only: A mysqli object returned by mysqli_connect() or mysqli_init()

query

The query string.

result_mode

The result mode can be one of 3 constants indicating how the result will be returned from the MySQL server.

MYSQLI_STORE_RESULT (default) - returns a mysqli_result object with buffered result set.

MYSQLI_USE_RESULT - returns a mysqli_result object with unbuffered result set. As long as there are pending records waiting to be fetched, the connection line will be busy and all subsequent calls will return error Commands out of sync. To avoid the error all records must be fetched from the server or the result set must be discarded by calling mysqli_free_result().

MYSQLI_ASYNC (available with mysqlnd) - the query is performed asynchronously and no result set is immediately returned. mysqli_poll() is then used to get results from such queries. Used in combination with either MYSQLI_STORE_RESULT or MYSQLI_USE_RESULT constant.

Return Values

Returns false on failure. For successful queries which produce a result set, such as SELECT, SHOW, DESCRIBE or EXPLAIN, mysqli_query() will return a mysqli_result object. For other successful queries, mysqli_query() will return true.

Errors/Exceptions

If mysqli error reporting is enabled (MYSQLI_REPORT_ERROR) and the requested operation fails, a warning is generated. If, in addition, the mode is set to MYSQLI_REPORT_STRICT, a mysqli_sql_exception is thrown instead.

Examples

Example #1 mysqli::query() example

Object-oriented style

<?php

mysqli_report
(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");

/* Create table doesn't return a resultset */
$mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City");
printf("Table myCity successfully created.\n");

/* Select queries return a resultset */
$result = $mysqli->query("SELECT Name FROM City LIMIT 10");
printf("Select returned %d rows.\n", $result->num_rows);

/* If we have to retrieve large amount of data we use MYSQLI_USE_RESULT */
$result = $mysqli->query("SELECT * FROM City", MYSQLI_USE_RESULT);

/* Note, that we can't execute any functions which interact with the
server until all records have been fully retrieved or the result
set was closed. All calls will return an 'out of sync' error */
$mysqli->query("SET @a:='this will not work'");

Procedural style

<?php

mysqli_report
(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$link = mysqli_connect("localhost", "my_user", "my_password", "world");

/* Create table doesn't return a resultset */
mysqli_query($link, "CREATE TEMPORARY TABLE myCity LIKE City");
printf("Table myCity successfully created.\n");

/* Select queries return a resultset */
$result = mysqli_query($link, "SELECT Name FROM City LIMIT 10");
printf("Select returned %d rows.\n", mysqli_num_rows($result));

/* If we have to retrieve large amount of data we use MYSQLI_USE_RESULT */
$result = mysqli_query($link, "SELECT * FROM City", MYSQLI_USE_RESULT);

/* Note, that we can't execute any functions which interact with the
server until all records have been fully retrieved or the result
set was closed. All calls will return an 'out of sync' error */
mysqli_query($link, "SET @a:='this will not work'");

The above examples will output something similar to:

Table myCity successfully created.
Select returned 10 rows.

Fatal error: Uncaught mysqli_sql_exception: Commands out of sync; you can't run this command now in...

See Also

add a note

User Contributed Notes 21 notes

up
51
NUNTIUS
16 years ago
This may or may not be obvious to people but perhaps it will help someone.

When running joins in SQL you may encounter a problem if you are trying to pull two columns with the same name. mysqli returns the last in the query when called by name. So to get what you need you can use an alias.

Below I am trying to join a user id with a user role. in the first table (tbl_usr), role is a number and in the second is a text name (tbl_memrole is a lookup table). If I call them both as role I get the text as it is the last "role" in the query. If I use an alias then I get both as desired as shown below.

<?php
$sql
= "SELECT a.uid, a.role AS roleid, b.role,
FROM tbl_usr a
INNER JOIN tbl_memrole b
ON a.role = b.id
"
;

if (
$result = $mysqli->query($sql)) {
while(
$obj = $result->fetch_object()){
$line.=$obj->uid;
$line.=$obj->role;
$line.=$obj->roleid;
}
}
$result->close();
unset(
$obj);
unset(
$sql);
unset(
$query);

?>
In this situation I guess I could have just renamed the role column in the first table roleid and that would have taken care of it, but it was a learning experience.
up
37
theyranos at gmail dot com
12 years ago
The cryptic "Couldn't fetch mysqli" error message can mean any number of things, including:

1. You're trying to use a database object that you've already closed (as noted by ceo at l-i-e dot com). Reopen your database connection, or find the call to <?php mysqli_close($db); ?> or <?php $db->close(); ?> and remove it.
2. Your MySQLi object has been serialized and unserialized for some reason. Define a wakeup function to re-create your database connection. http://php.net/__wakeup
3. Something besides you closed your mysqli connection (in particular, see http://bugs.php.net/bug.php?id=33772)
4. You mixed OOP and functional calls to the database object. (So, you have <?php $db->query() ?> in the same program as <?php mysqli_query($db) ?>).
up
35
petrus.jvr
13 years ago
When calling multiple stored procedures, you can run into the following error: "Commands out of sync; you can't run this command now".
This can happen even when using the close() function on the result object between calls.
To fix the problem, remember to call the next_result() function on the mysqli object after each stored procedure call. See example below:

<?php
// New Connection
$db = new mysqli('localhost','user','pass','database');

// Check for errors
if(mysqli_connect_errno()){
echo
mysqli_connect_error();
}

// 1st Query
$result = $db->query("call getUsers()");
if(
$result){
// Cycle through results
while ($row = $result->fetch_object()){
$user_arr[] = $row;
}
// Free result set
$result->close();
$db->next_result();
}

// 2nd Query
$result = $db->query("call getGroups()");
if(
$result){
// Cycle through results
while ($row = $result->fetch_object()){
$group_arr[] = $row;
}
// Free result set
$result->close();
$db->next_result();
}
else echo(
$db->error);

// Close connection
$db->close();
?>
up
5
xa at sagexa dot com
1 year ago
"In PHP 8.1, the default error handling behavior of the MySQLi extension has changed from silencing errors to throw an Exception on errors. "
This is true even for the procedural use of mysqli, i.e. mysqli_query.
Hence, using if(!mysqli_query($c, $sql)) [...] is pointless.
To disable Exception throwing : mysqli_report(MYSQLI_REPORT_OFF);
up
11
Anonymous
5 years ago
Here is an example of a clean query into a html table

<table>
<tr>
<th>First Name</th>
<th>Last Name</th>
<th>City</th>
</tr>
<?php while ($row = $myquery->fetch_assoc()) { ?>
<tr>
<td><?php echo $row["firstname"]; ?></td>
<td><?php echo $row["lastname"]; ?></td>
<td><?php echo $row["city"];?></td>
</tr>
<?php } ?>
</table>
up
-2
registrations at jdfoxmicro dot com
13 years ago
I like to save the query itself in a log file, so that I don't have to worry about whether the site is live.

For example, I might have a global function:

<?php
function UpdateLog ( $string , $logfile ) {
$fh = fopen ( $logfile , 'a' );
$fwrite ( $fh , strftime ('%F %T %z')." ".$string."\n";
fclose ( $fh );
}
?>

Then in my mysql function error trapper, something like this:

<?php
$error_msg
= "Database error in [page].php / ";
$error_msg .= mysqli_error ( $link )." / ";
$error_msg .= $query;
UpdateLog ( $error_msg , DB_ERROR_LOG_FILE );
?>

I also include the remote IP, user agent, etc., but I left it out of these code samples. And have it e-mail me when an error is caught, too.

Jeff
up
-1
Beeners
18 years ago
Stored Procedures.

Use mysqli_query to call a stored procedure that returns a result set.

Here is a short example:

<?php
$mysqli
= new mysqli(DBURI,DBUSER,DBPASS,DBNAME);
if (
mysqli_connect_errno())
{
printf("Connection failed: %s\n", mysqli_connect_error());
exit();
}

$SQL = "CALL my_procedure($something)";
if ( (
$result = $mysqli->query($SQL))===false )
{
printf("Invalid query: %s\nWhole query: %s\n", $mysqli->error, $SQL);
exit();
}

while (
$myrow = $result->fetch_array(MYSQLI_ASSOC))
{
$aValue[]=$myrow["a"];
$bValue[]=$myrow["b"];
}
$result->close();
$mysqli->close();
?>
I hope this saves someone some time.
up
-2
ceo at l-i-e dot com
15 years ago
Translation:
"Couldn't fetch mysqli"

You closed your connection and are trying to use it again.

It has taken me DAYS to figure out what this obscure error message means...
up
-10
info at ff dot net
17 years ago
Calling Stored Procedures

Beeners' note/example will not work. Use mysqli_multi_query() to call a Stored Procedure. SP's have a second result-set which contains the status: 'OK' or 'ERR'. Using mysqli_query will not work, as there are multiple results.

<?php
$sQuery
="CALL SomeSP('params')";
if(!
mysqli_multi_query($sqlLink,$sQuery)) {
// your error handler
}
$sqlResult=mysqli_store_result($sqlLink);

if(
mysqli_more_results($this->sqlLink))//Catch 'OK'/'ERR'
while(mysqli_next_result($this->sqlLink));
?>

You will have to rewrite/expand this a bit for more usability of course, but it's just an example.
up
-14
joseph_robert_martinez at yahoo dot com
10 years ago
For those using with replication enabled on their servers, add a mysqli_select_db() statement before any data modification queries. MySQL replication does not handle statements with db.table the same and will not replicate to the slaves if a scheme is not selected before.

Found out after days of resetting master and slaves on another site http://www.linuxquestions.org/questions/linux-server-73/mysql-5-1-not-replicating-properly-with-slave-823296/
up
-13
hunreal at gmail dot com
19 years ago
Use difference collation/character for connect, result.
You can set the collation before your query.

E.g. want to set the collation to utf8_general_ci
you can send the query "SET NAMES 'utf8'" first

<?php
$mysqli
=new mysqli('localhost', 'root', 'password', 'test');
$mysqli->query("SET NAMES 'utf8'");
$q=$mysqli->query("select * from test");
while(
$r=$q->fetch_assoc()) {
print_r($r);
}
?>

There are many variables about character settings.
By running sql command, SHOW VARIABLES LIKE 'char%';
There are some variables control the character usage.

character_set_client
character_set_connection
character_set_database
character_set_results
character_set_server
character_set_system

Also SET NAMES can repalce with one or some settings like SET character_set_results='utf8';
up
-14
jcwebb at dicoe dot com
16 years ago
When building apps, i like to see the whole statement when if fails.
<?php
$q
="SELECT somecolumn FROM sometable"; //some instruction
$r=mysqli_query($DBlink,$q) or die(mysqli_error($DBlink)." Q=".$q);
?>
If theres an error (like my numerous typing mistakes) this shows the entire instruction.
Good for development (not so good on production servers - simply find and replace when finished: $r=mysqli_query($DBlink,$q); )

Hope it helps. Jon
up
-17
Igor
15 years ago
mysqli::query() can only execute one SQL statement.

Use mysqli::multi_query() when you want to run multiple SQL statements within one query.
up
-18
thomas dekker
13 years ago
Building inserts can be annoying. This helper function inserts an array into a table, using the key names as column names:

<?php
private function store_array (&$data, $table, $mysqli)
{
$cols = implode(',', array_keys($data));
foreach (
array_values($data) as $value)
{
isset(
$vals) ? $vals .= ',' : $vals = '';
$vals .= '\''.$this->mysql->real_escape_string($value).'\'';
}
$mysqli->real_query('INSERT INTO '.$table.' ('.$cols.') VALUES ('.$vals.')');
}
?>

Adapt it to your specific needs.
up
-8
omidbahrami1990 at gmail dot com
6 years ago
This Is A Secure Way To Use mysqli::query
--------------------------------------------------------
<?php
function secured_query($sql)
{
$connection = new mysqli($host,$username,$password,$name);

if (
$connection->connect_error)
die(
"Secured");

$result=$connection->query($sql);
if(
$result==FALSE)
die(
"Secured");

$connection->close();
return
$result;
}
/*
$host ---> DataBase IP Address
$username ---> DataBase Username
$password ---> DataBase Password
$name ---> DataBase Name
*/
?>
up
-20
ahmed dot 3abdolah at gmail dot com
9 years ago
Hi, i created function that add a new table using array , i work with it on my projects ...
<?PHP
/* this function was learned from PHP.net */
function array_keys_exist(&$key,array &$array){
$keys = split("\|",$key);
foreach(
$keys as $key_s){
if(
array_key_exists($key_s, $array)) return true;
}
return
false;
}
/*and this is my function */
array_create_table(array &$array){
if(
is_array($array)){
$key = "table|rows|values";
$info = "";
if(
array_keys_exist($key,$array)){
if(
is_array($array["rows"]) and is_array($array["values"]) ){

if(
count($array["rows"]) == count($array["values"])) {
for(
$i=0; $i<=count($array["rows"]); $i++){
$info = $info." ".$array["rows"][$i]." ".$array["values"][$i]." NOT NULL ";
if(
$i < count($array["rows"])-1 ) $info = $info.",";
}
$query = "CREATE TABLE ".$this->private_tables_name.$array["table"]." ";
$query .= "( id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, ".$info." )";
return
$query;
}
}
}else return
"Error";
}
}

/* the use is simple */
$database = new database(); // connection to database i used mysqli ...
$array = array("table"=>"MRO", "rows"=>array("name","username") , "values" => array("VARCHAR (50) "," VARCHAR (50) ") );

$query = array_create_table($array); // convert and create the query ...
if($database->query($query)) echo "Work"; else echo "Error"; // result : work

?>
up
-17
marcus at synchromedia dot co dot uk
12 years ago
The exact type returned by a successful query is mysqli_result.
up
-20
popere dot noel at yahoo dot com
10 years ago
or you could just extend the class...
in my case i already had a wraper for the db so something like this was easy :

public function free($result) {

$result->free_result();
$this->link->next_result();
}

just tried it and it works like a charm ;-)
up
-22
blinki bill, argodak at yahoo dot com
10 years ago
Recently I had puzzling problem when performing DML queries, update in particular, each time a update query is called and then there are some more queries to follow this error will show on the page and go in the error_log:
"Fatal error: Exception thrown without a stack frame in Unknown on line 0"

The strange thing is that all queries go through just fine so it didn't make much sense:

$update = mysqli_query($connection, $query_string);
if(!$update){
echo 'Houston we have a problem '.mysqli_error($connection);
exit;
}

In the above example "$update" is "true", mysqli_error() is empty and of course the update operation goes through, however the nasty super cryptic error appears on the page.
What makes even less sense to me is how I fixed it - just called "mysqli_free_result" after the update query and the problem was gone, however because mysqli_free_result is not supposed to be called after DML queries (to free what, a boolean? lol) it needs to be wrapped in a try catch block:

try{
mysqli_free_result($update);
}catch (Exception $e){
//do nothing
}

So, I don't know why but it seems that when DML queries are responsible for:
"Fatal error: Exception thrown without a stack frame in Unknown on line 0"
calling "mysqli_free_result" after the query seems to be fixing the issue
up
-13
Anonymous
7 years ago
I don't know is it bug or something , then first I write it here . Query SHOW with MYSQLI_USE_RESULT option don't show num_rows :
<?php
SHOW TABLES LIKE
[some table], MYSQLI_USE_RESULT
num_rows
// shows 0 !
?>
up
-8
David Marcus
6 years ago
If you use the default resultmode of MYSQLI_STORE_RESULT, you can call $mysqli->close() right after $mysqli->query and before you use mysqli_result. This reduces the time the connection is open, which can help if the database server has a limit on how many connections there can be.
To Top