...

View Full Version : Need help with UPDATE in Prepared Statement



doubledee
09-08-2011, 06:35 AM
I am having trouble with the syntax of an UPDATE in my Prepared Statement.

Here is what I have...


// Build query.
$r = "UPDATE member
SET pass = SHA1('$newPass')
WHERE email=?";


I started thinking that is incorrect because of $newPass...

Should it maybe be...


// Build query.
$r = "UPDATE member
SET pass = ?
WHERE email=?";

// Prepare statement.
$stmt2 = mysqli_prepare($dbc, $r);

// Bind variable.
mysqli_stmt_bind_param($stmt2, 'ss', $email, SHA1('$newPass'));


I really have no clue on this one?!



Debbie

kbluhm
09-08-2011, 07:43 AM
Give this a shot:


// Build query
$r = '
UPDATE `member`
SET `pass` = SHA1( ? )
WHERE `email` = ?
LIMIT 1
';

// Prepare statement
$stmt2 = mysqli_prepare( $dbc, $r );

// Bind variable names
mysqli_stmt_bind_param( $stmt2, 'ss', $newPass, $email );

// Assign variables
// For this example, we're grabbing posted data
$email = $_POST['email'];
$newPass = $_POST['newPass'];

// Execute statement
mysqli_stmt_execute( $stmt2 );

// How many rows were affected?
// Because of the `LIMIT 1`, it will be either `0` or `1`
$affected_rows = mysqli_stmt_affected_rows( $stmt2 );



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum