cyberRobot

Did you change the call to mysqli_stmt_bind_param() as suggested by Barand? If not, try changing this mysqli_stmt_bind_param($statement, "siss", $name, $email, $password); To this mysqli_stmt_bind_param($statement, "sss", $name, $email, $password); The other thing that Barand mentioned refers to this portion $response = array(); $response["success"] = true; echo json_encode($response); No matter what happens with the query, you will get "true" since it's hard coded. Instead, you need to test the return value of the call to mysqli_stmt_execute(). More information can be found here: http://php.net/manual/en/mysqli-stmt.execute.php

Yep, sorry about that.

Sure, I have no argument there. And I am glad you are pointing these types of issues out. I'm learning a lot from your posts.

After the database connection is made, you'll need to select the database. More information can be found here: http://php.net/manual/en/mysqli.select-db.php

I don't claim I know everything about SQL, PHP, etc. I have never seen a column name like "account.1.sip_server.1.address". So I apologize for assuming that maybe there was some "magic" going on somewhere. For what it's worth, I just tested a query like what the OP posted. And the query worked once I added the backticks. Note: I'm not saying that "account.1.sip_server.1.address" is a great column name. I'm also not saying that the OPs database table is perfect. I'm just offering a reason why the query failed. That way the OP can be prepared for the next query if he/she chooses to name the columns this way.

Just to clarify, "account.1.sip_server.1.address" is a column name? If so, have you tried using backticks (`)? UPDATE global_settings SET `account.1.sip_server.1.address` = '$sipserver1'... Without backticks, SQL thinks you are trying to use a table alias.

Thanks for all the feedback! Yep, that would be useful. I'll look into switching...at some point... Thanks kicken! I figured something like this would be possible. I've passed variables by reference to functions before. I didn't think to use the technique elsewhere.

Yep, that was something I recently learned too. It's made my code so much cleaner.

In case it's of interest, I added a few things to ginerjm's points below. The <label> tag can also wrap around the input field. That way you don't need to worry about the id and for attributes. The W3C has a great tool for validating HTML code here: http://validator.w3.org/

For the sake of others, the code from form1.php can be found below. Note that some of the formatting was lost when I pasted the code. So I quickly added some indents. Hopefully everything is correct. <?php session_start(); ?> <?php function setTop(){ $_top = ""; $_top = "<!doctype html>"; $_top .= "<html>"; $_top .= "<head>" . $this->_headSection; $_top .= "<title>" . $this-> _title . "</title>"; $_top .= "</head>"; $_top .= "<body>"; $this-> _top = $_top; } function setassign3(){ // function creates the form $_assign = "<form action= '' method='POST' method='SESSION'>"; //calls form1.php and posts $_assign .= "<p>Enter Name, and a Number and Email</p>"; $_assign .= "<p>Name:</p><input type = 'text' name = 'name' id = 'name' value = '' >";//field for the name $_assign .= "<p>Number:</p><input type='number' name='number' id = 'number' value = '' >";//field for number $_assign .= "<p>Email:</p><input type='email' name='email' id = 'email' value = '' >";//field for number $_assign .= "<p></P><input type='submit' value='submit' >"; $_assign .= "</form>"; $this-> _assign = $_assign; } //if($_SERVER["REQUEST_METHOD"] == "POST"){ // code from http://stackoverflow.com/questions/22265509/why-should-we-use-if-serverrequest-method-post if (isset($_POST['name']) && !empty($_POST['name'])){// http://stackoverflow.com/questions/13045279/if-isset-post $name= filter_var($_POST['name'], FILTER_SANITIZE_STRING); print($name); } else { print "please enter your name"; } if($_SERVER["REQUEST_METHOD"] == "POST"){ if (isset($_POST['email']) && !empty($_POST['email'])){ //http://stackoverflow.com/questions/13045279/if-isset-post filter_var($_POST['email'], FILTER_VALIDATE_INT); $email = filter_var($_POST['email'], FILTER_SANITIZE_NUMBER_INT); print $email; }else{ print "<P>please enter a valid number</P>"; } } if($_SERVER["REQUEST_METHOD"] == "POST"){ // code from http://stackoverflow.com/questions/22265509/why-should-we-use-if-serverrequest-method-post if (isset($_POST['email']) && !empty($_POST['email'])){// http://stackoverflow.com/questions/13045279/if-isset-post $email= filter_var($_POST['email'], FILTER_SANITIZE_STRING); print($email); } else { print "please enter a valid email"; } } ?>

It looks like your form is created within the setassign3() function. Where is the function being called? Also note that $this is used for class methods. As far as I can tell, setassign3() is just a user-defined function.

Thanks requinix! I might add a space character before and after the $row variables. That should hopefully make those more distinguishable. Note that I would be happy to hear any additional feedback.

Does anyone have suggestions for formatting the following line: $projects[$row['phaseNum']]['tasks'][$row['taskNum']] = 'task information'; The code works fine, but it's cumbersome. How would you write the line to improve readability? Note that I don't necessarily need to use arrays. I'm open to other ideas.

How are you calling the class? Note that the class is named "SessionManager". And the lines of code you showed from the article are calling a static class named "SessionManage".

I have no problem with that. Your help is appreciated around here. And I mean that with all sincerity. What I'm trying to get at, is that the OP asked the following question: And the first response was to throw everything out, use PDO, fix security holes, etc. Do you not see how frustrating that could be to someone who is looking for a specific answer? Right or wrong, the OP probably just wants to know how to get the search query working. Once that's done, they can worry about SQL injection attacks, etc. Granted, the OP could tune everyone out after the problem is solved. But there is no guarantee they are not doing that already. Perhaps they are just playing along to avoid confrontation. And yes I've done that when I first started out.

I don't disagree. But is there no happy medium? Are the only boxes I get to check are "junk code" and "perfect code". How about helping people one step at a time. If they come back to learn more, great! It sounds like you're taking on too much responsibility. You can't force people to learn. Sometimes people need to make their own mistakes.

Sorry about that. I guess I don't typically get offended by things like that. I apologize for any offense. With that said, I think it's more offensive to dismiss someone's work just because it isn't perfect. Note that I'm not talking about the importance of using secure code or switching to PDO or whatever. I'm just growing tired of people coming here with a specific question. And then they get slammed because their code is missing such and such a feature. What are we saying to people who are learning. They may have put a lot of effort into their script. They may have been exhilarated by what they were able to accomplish. But then they are told to start over. That their code is completely worthless. Now, I'm not saying we need to hold everyone's hand. But we also don't need to bombard them with everything that's "wrong" with the script. They will learn eventually, hopefully.

In Reply #10, Jessica mentioned that she was following "certain instructions." Of course, she didn't say those instructions told her to use specific functions. Maybe she's allowed to solve the problem however she wants. Or maybe she's supposed to solve in a certain method. I don't know. At times, yes. But most of my instructors were just fine.

I'm not sure where you got that from. I have no problem with suggesting PDO. For those unaware that the mysql_* functions are going away, it's good to let them know. Then it's up to them to decide on how to proceed. With that said, if I was taking a collage course and my project said to use the old mysql_* functions to solve a given problem, I would use the outdated method. I may approach the professor about the outdated method. But I wouldn't jeopardize my grade because others were telling me the code is garbage.

See Reply #15

Try changing eq = $bdd->prepare('INSERT INTO user (name, password, email, quater) VALUES (?, ?, ?, ?)'); To this $req = $bdd->prepare('INSERT INTO user (name, password, email, quater) VALUES (?, ?, ?, ?)');

Welcome Jessica! Even if you don't become a full-time programmer, it's nice working with designers who are somewhat familiar with programming. Or perhaps you'll fall in love with programming and JOIN US.

Welcome

Do you think there's any value in knowing the old coding style? There's going to be a lot of broken scripts in the very near future, once PHP 7+ is the only option. Someone needs to know how those old scripts used to work and be able to replace the mysql_* function calls. I'm having difficulties putting myself in the shoes of a newbie for this particular problem.

@JessicaC - It sounds like you solved your initial question. Is that correct? For what it's worth, PHP 6 was in development but was scrapped. The developers ended up going in a different direction. Since articles and books were being written for PHP 6, the developers of PHP decided to name the next release PHP 7. More information can be found here: https://en.wikipedia.org/wiki/PHP#PHP_6_and_Unicode I haven't spent any time with PHP 6, so I don't know off hand the differences between PHP 6 and PHP 7. But if you are interested, I'm sure you could find the information somewhere.