I am writing PHP code to change the default value of a varchar field in a MySQL database. To make the code safe, I use a prepared statement, but for some reason it is impossible to get PHP / MySQL to accept this in this particular situation, why?
(I am using PHP 5.5.11)
Here is the code using prepared statements that DOES NOT work (calling mysqli_stmt_execute () returns null, and the default value for the field remains unchanged):
$new_field_default_value = 'test';
$field_modification_sql_command = "ALTER TABLE MyTable ALTER COLUMN MyColumn SET DEFAULT ?";
$stmt = mysqli_stmt_init($db_conn_handle);
mysqli_stmt_prepare($stmt, $field_modification_sql_command);
mysqli_stmt_bind_param($stmt, 's', $new_field_default_value);
$temp_db_res = mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
Here is the code (unsafe) using concatenation and performing a clean query that works (calling mysqli_query () returns true, and the default value for the field is really changed):
$new_field_default_value = 'test';
$field_modification_sql_command = "ALTER TABLE MyTable ALTER COLUMN MyColumn SET DEFAULT '" . $new_field_default_value . "'";
$temp_db_res = mysqli_query($db_conn_handle, $field_modification_sql_command);
- , , ( ?), ?