  1. #1
    New Coder
    Join Date
    Jan 2010
    Posts
    18
    Thanks
    3
    Thanked 0 Times in 0 Posts

    MYSQLI Statement help please

    Hi,
    I have created a blog for learning PHP and have created the login, register and delete using mysqli statements. I am on to the edit page and am having a syntax error and cannot see what is wrong.
    PHP Code:
    require_once('includes/db.inc.php');
    $stmt = $mysqli->prepare("SELECT postID,title,content,author,image FROM posts where postID = ?");
    $stmt->bind_param("i",$_GET['postID']);
    $stmt->execute();
    $stmt->bind_result($postID,$title,$content,$author,$image);
    $stmt->fetch();
    $stmt->close(); 
    The edit page is a link that gets the postID with the correct postID. How can I check that the bind_param has the correct postID, if any?

    Thanks

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    printf('$_GET[\'postID\'] = "%s"', $_GET['postID']);. You can also just look in the URL so long as this isn't an AJAX request or a frame.
    We worked through a similar issue with delete, where the problem was postID was what you were looking for, while get provided id. Have you confirmed that to not be the issue with the edit?

  • #3
    New Coder
    Join Date
    Jan 2010
    Posts
    18
    Thanks
    3
    Thanked 0 Times in 0 Posts
    I have got it to work, and yes, it isn't the 'get'. My next problem is that the edit post script that the edit page sends the data to does not update the database.
    Here is my code:
    PHP Code:
    <?php
    require_once('includes/db.inc.php'); 
    $stmt = $mysqli->prepare("UPDATE posts SET 
                                            title = ?, 
                                            content = ?, 
                                            author = ?,  
                                            image = ?    
                                            WHERE postID = ?"
    );
    // 'ssssi' = four string parameters followed by one integer (postID)
    $stmt->bind_param('ssssi',
                           $_POST['title'],
                           $_POST['content'],
                           $_POST['author'],
                           $_POST['image'],
                           $_POST['postID']
                           );
    $stmt->execute(); 
    $stmt->close();
    header("Location: index.php"); // redirect browser
    exit; // make sure no other code executed 
    ?>
    Should I have the WHERE to (?????)

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Drop the header and exit and add an output indicating the number of changes before you close the statement:
    PHP Code:
    printf('Affected rows: %d', $stmt->affected_rows); 
    Does that show anything other than 1?

  • #5
    New Coder
    Join Date
    Jan 2010
    Posts
    18
    Thanks
    3
    Thanked 0 Times in 0 Posts
    It goes to the page and says affected rows 0

  • #6
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Okay, find out the error. After the line added add this line: printf('SQL error: %s', $stmt->error);. What does that show?

  • #7
    Regular Coder
    Join Date
    Jan 2012
    Posts
    271
    Thanks
    2
    Thanked 65 Times in 65 Posts
    echo postID to screen and check it... it's prob invalid so there's nothing to update

  • #8
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,462
    Thanks
    0
    Thanked 633 Times in 623 Posts
    Your code is not validating the $_POST values prior to using them in the database access - it therefore will be able to contain anything at all when someone tries to break into your site and so the update call will be used to insert millions of garbage records into your database.

    You should always validate each $_POST field and move it to a field that has a name that indicates that it has been validated before you have ANY other code in your script. That way you know that the fields contain valid values when you use them.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.
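
The validation step described in post #8, combined with the `affected_rows` and `$stmt->error` checks from posts #4 and #6, as an added example that is not code from any poster in this thread. The function names, the length limits and the image file-name pattern are assumptions; adjust them to the real `posts` columns.

```php
<?php
// Added example: validate every field into a separate array before any SQL runs.
function validate_edit_post(array $in): array
{
    $valid = [];
    $errors = [];
    // postID must be a whole positive integer; "7abc" or an empty value is rejected.
    $id = filter_var($in['postID'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) { $errors[] = 'postID'; } else { $valid['postID'] = $id; }

    // Text fields must be strings (title[]=x arrives as an array), trimmed and bounded.
    $limits = ['title' => 200, 'author' => 100, 'content' => 65535]; // assumed sizes
    foreach ($limits as $field => $max) {
        $value = $in[$field] ?? null;
        if (!is_string($value) || ($value = trim($value)) === '' || strlen($value) > $max) {
            $errors[] = $field;
        } else {
            $valid[$field] = $value;
        }
    }
    // image: a bare file name only, so no directory parts or URLs reach the column.
    $image = $in['image'] ?? '';
    if (is_string($image) && preg_match('/\A[A-Za-z0-9_-]{1,64}\.(?:jpe?g|png|gif)\z/', $image)) {
        $valid['image'] = $image;
    } else {
        $errors[] = 'image';
    }
    return [$valid, $errors];
}

// Runs the thread's UPDATE with validated values and surfaces failures.
function update_post(mysqli $mysqli, array $v): int
{
    $stmt = $mysqli->prepare('UPDATE posts SET title = ?, content = ?, author = ?, image = ? WHERE postID = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $mysqli->error);
    }
    $stmt->bind_param('ssssi', $v['title'], $v['content'], $v['author'], $v['image'], $v['postID']);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $rows = $stmt->affected_rows; // 0 means no matching postID or unchanged values
    $stmt->close();
    return $rows;
}

// Constructed sample input standing in for $_POST; three of the fields are invalid.
$sample = ['postID' => '7abc', 'title' => ' Hello ', 'content' => 'Body',
           'author' => ['x'], 'image' => '../up/a.png'];
[$valid, $errors] = validate_edit_post($sample);
print_r($errors);
```

Call `update_post()` only when `$errors` is empty, and redirect to `index.php` only after it returns.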

