Asked  9 Months ago    Answers:  5   Viewed   58 times

I have this code, and it works perfectly, but I want to make a simple modification

    <?php
    session_start();
    require 'includes/f_banco1.php';
    require '../PasswordHash.php';

    function checkBd($sql, $db, $user, $codePass) {
        // The request values replace whatever was passed in as arguments.
        $user = $_GET['userid']; //here
        $codePass = $_GET['code'];//here

        if (is_numeric($user)) {
            // Both values are sent as bound parameters, separately from the SQL text.
            $sql = $db->prepare("select userid, code from password_reset where userid=? and code=?");
            $sql->bind_param('ss', $user, $codePass);
            $sql->execute();
            $sql->bind_result($user, $codePass);

            if ($sql->fetch()) {
                $_SESSION['u_name'] = sha1($user);
                header("location: updatePass.php");
                return true;
            }
            echo "Não existe na BD";
            return false;
        }
        echo "Erro";
        return false;
    }

    checkBd($sql, $db, $user, $codePass);

    ?>

I want to change these lines

    $user = $_GET['userid']; //here
    $codePass = $_GET['code'];//here

to

    $user = mysqli_real_escape_string($db, $_GET['userid']);
    $codePass = mysqli_real_escape_string($db, $_GET['code']);

but with this change the code simply stops working; an echo of $user doesn't show anything

Any idea?

Thanks

 Answers

94

You do not need to do that. You are using prepared statements, which escape the variables automatically.

Wednesday, March 31, 2021
 
laurent
answered 9 Months ago
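
Added example (not part of the question or of any answer on this page): values passed as bound parameters need no escaping, and escaping them first changes the data that is compared. It assumes an in-memory SQLite database through PDO in place of the MySQL connection, `addslashes()` as a stand-in for `mysqli_real_escape_string()`, a constructed table row, and a hypothetical helper `findReset()`.

```php
<?php
// Assumptions: SQLite via PDO replaces the page's mysqli connection, and
// addslashes() replaces mysqli_real_escape_string(); both put a backslash
// in front of quotes. The row, the code value and findReset() are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE password_reset (userid INTEGER, code TEXT)');

// Constructed sample row: the reset code deliberately contains quotes.
$storedCode = "ab'cd\"ef";
$ins = $db->prepare('INSERT INTO password_reset (userid, code) VALUES (?, ?)');
$ins->execute([42, $storedCode]);

// Returns true when a row matches. The values travel as bound data,
// never as part of the SQL text.
function findReset(PDO $db, string $userid, string $code): bool
{
    // ctype_digit() accepts decimal digits only; is_numeric() would also
    // accept strings such as "1e3", "4.2" or " 42".
    if (!ctype_digit($userid)) {
        return false;
    }
    $stmt = $db->prepare(
        'SELECT 1 FROM password_reset WHERE userid = ? AND code = ?'
    );
    $stmt->execute([$userid, $code]);
    return $stmt->fetchColumn() !== false;
}

// Simulated request values (constructed).
$get = ['userid' => '42', 'code' => $storedCode];

// 1. Raw value bound directly: the quotes are ordinary data, the row is found.
var_dump(findReset($db, $get['userid'], $get['code']));

// 2. Escaped first, then bound: the added backslashes are now part of the
//    value being compared, so the same code no longer matches.
var_dump(findReset($db, $get['userid'], addslashes($get['code'])));

// 3. A quote-laden string is compared literally and matches nothing.
var_dump(findReset($db, $get['userid'], "' OR '1'='1"));

// 4. A userid that is_numeric() accepts but that is not a plain integer id.
var_dump(is_numeric('1e3'), findReset($db, '1e3', $storedCode));
```

Only the first lookup succeeds; the escaped copy fails because the backslashes are sent to the database as data rather than interpreted as SQL escapes.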
99

Assign the second statement to new variable so it wouldn't override the first variable and cause the "all data must be fetched.." error.

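    if ($stmt = $this->mysqli->prepare("SELECT entry, author, time FROM messages WHERE user = ?")) {
        $stmt->bind_param("s", $user_name);
        $stmt->execute();
        // Buffer the outer result set so the connection is free for the inner statement.
        $stmt->store_result();
        $stmt->bind_result($entry, $author, $time);

        while ($stmt->fetch()) {
            // Separate variable, so the outer statement is not overwritten.
            if ($st = $this->mysqli->prepare("SELECT photo_id FROM photos WHERE user = ?")) {
                $st->bind_param("s", $author);
                $st->execute();
                $st->bind_result($photo_id);
                //echo $photo_id;
                // Close only a statement that was actually prepared.
                $st->close();
            }
        }
        $stmt->close();
    }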
Wednesday, March 31, 2021
 
LoicTheAztec
answered 9 Months ago
20

A quick Google search brought up the following PHP Bug entry: https://bugs.php.net/bug.php?id=55737.

This issue seems to revolve around the php.ini setting open_basedir: http://www.php.net/manual/en/ini.core.php#ini.open-basedir

The LOAD DATA LOCAL INFILE function does not work with mysql5.5 and php5.4.4 on Debian Wheezy with open_basedir restrictions in place. It works perfectly fine when open_basedir is disabled or set to nothing.

EDIT (solution for reference): OP's issue was with the "SET AUTOCOMMIT = 0" init command. It was loading and processing, but not being committed to the db.

Saturday, May 29, 2021
 
Puneet
answered 7 Months ago
71

You can't print the result from mysqli_query; it is mysqli_resource, and for dumping the error you need to change mysql_error() to mysqli_error()

    $username = "bob";
    $db = mysqli_connect("localhost", "username", "password", "user_data");
    // $username is a fixed literal here, so it is interpolated directly.
    $sql1 = "select id from user_information where username='$username'";
    // mysqli_error() needs the connection handle as its argument.
    $result = mysqli_query($db, $sql1) or die(mysqli_error($db));
    while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
        echo $row['id'].'<br>';
    }
Saturday, May 29, 2021
 
pamelus
answered 7 Months ago
24

I don't think it will work this way. When you close the statement (e.g. $menu_stmt->close();) you also deallocate the statement handle. So the second time through the loop you don't have the prepared statements available to work with anymore.

Try closing the statements after the loop has finished executing.

Friday, August 6, 2021
 
NIKHIL
answered 4 Months ago