Barand

  1. Sorry, there is an error $where = "max_price <= ?"; should be $where[] = "max_price <= ?";
  2. The query has inbuilt syntax errors. Your WHERE clause will always begin with "WHERE AND … "

     IMO a cleaner way to include conditions only if there is a value is

         $min_price = 10;
         $max_price = 50;
         $featured = 1;

         $binds = [];          // values to bind, in placeholder order
         $where = [];          // one entry per condition actually used
         $whereclause = '';

         if ($min_price > 0) {
             $where[] = "min_price >= ?";
             $binds[] = $min_price;
         }
         if ($max_price > 0) {
             $where[] = "max_price <= ?";    // $where[] (not $where =), as corrected in the follow-up post
             $binds[] = $max_price;
         }
         if (in_array($featured, [0,1])) {
             $where[] = "featured = ?";
             $binds[] = $featured;
         }

         if ($where) $whereclause = 'WHERE ' . join(' AND ', $where);

         $find_records = $db->prepare(" SELECT * FROM projects
                                        $whereclause
                                        ");
         $find_records->execute($binds);
         $result_records = $find_records->fetchAll(PDO::FETCH_ASSOC);
  3. Or you can use ? placeholders.

         $find_records = $db->prepare("SELECT * FROM projects
                                       WHERE min_price >= ?
                                         AND max_price <= ?
                                         AND featured = ?
                                       ");
         $find_records->execute( [ $min_price, $max_price, $featured ] );
         $result_records = $find_records->fetchAll(PDO::FETCH_ASSOC);
  4. If you do it the second way (no placeholders), there is no point in preparing it; just use $db->query().

     CAVEAT: If $vars originated from an external source ($_GET, $_POST, $_COOKIE etc) then you are injection-prone and, as you are not even escaping the values, your queries could fail. EG

         $username = "O'Reilly";
         $res = $db->query("SELECT password FROM user WHERE username = '$username' ");   // fails with syntax error and open to injection

     If in doubt, prepare();

     Your bindings do not either, the query does. The array is just a more convenient way of binding.
  5. Your WHERE clause will then be like this...

         … WHERE id = N AND duplicate = 'False'

     You have my sympathy. Also those "Answer_x" columns should be normalized into a separate table; separate row for each answer.
  6. The thing about programming is that it requires some thought. Why would a user_id be equal to a date value? Why don't you do some reading about how to use SQL instead of taking the "infinite monkeys with typewriters" approach in the hope you eventually come up with a right answer?
  7. PS there is a perfectly good function in php already which does all this for you

         $file_data = file_get_contents($file);

     Which reminds me, your function needs to return the file data.
  8. If KB_TO_BYTES has not been defined then you need

         const KB_TO_BYTES = 1024;

         // We don't need to write to the file, so just open for reading
         $fp = fopen($file, 'r');                        // open file for reading
         if ($fp) {
             $file_data = fread($fp, 8 * KB_TO_BYTES);
             fclose($fp);                                // close the file
         }
  9. Where did I say that? The comments are fine - you need to add the code that implements the comments. You also need to ensure that the constant KB_TO_BYTES has been defined and use it correctly as a constant (ie without the quotes).
  10. You have this comment... but you don't get around to actually opening the file - the comment won't do it for you. Therefore in the next line $fp has not been defined. Further, you have put 'KB_IN_BYTES' inside quotes thus making it a string value (which has a numeric value of 0). So I guess the problem is in trying to read 0 bytes from a file that doesn't exist. And what is the comment about being "good citizens"? You don't close it either. (Has KB_IN_BYTES been defined as constant anywhere?)
  11. Try this

          // Attempt delete query execution
          $stmt = $dbc->prepare("DELETE FROM users WHERE user_id = ? ");   // prepare query with placeholder (?) for id value
          $stmt->bind_param('i', $_SESSION['user_id']);                    // bind the id value to the placeholder
          if ($stmt->execute()) {                                          // execute the query
              echo "Records were deleted successfully.";
          }
          else {
              echo "ERROR: Not able to execute query " ;
          }
  12. That same phpinfo() output will tell you the status of your error reporting settings. If you are developing on a hosted site it is probable that any error reports go to your php error log instead of being displayed.
  13. You can check the location of the php.ini file being used in the first section of the output from phpinfo(); EG
  14. I can see I have been talking to myself. I have better things to do than waste more time on you.
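
Added example, not code from any of the posts above: the conditional WHERE builder from post 2 and the O'Reilly caveat from post 4, run against a constructed in-memory SQLite table. The findUsers() helper, the table contents and the availability of the pdo_sqlite driver are assumptions made for illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumes pdo_sqlite is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (username TEXT, city TEXT, active INTEGER)");
$ins = $db->prepare("INSERT INTO user (username, city, active) VALUES (?, ?, ?)");
foreach ([["O'Reilly", 'Cork', 1], ['Smith', 'Leeds', 1], ['Jones', 'Cork', 0]] as $row) {
    $ins->execute($row);
}

// Hypothetical helper: adds a condition only for filters that carry a value.
// Column names come from a fixed allowlist; values are only ever bound.
function findUsers(PDO $db, array $filters): array
{
    $allowed = ['username', 'city', 'active'];
    $where = [];
    $binds = [];
    foreach ($filters as $col => $value) {
        if (!in_array($col, $allowed, true)) {
            throw new InvalidArgumentException("Unknown filter column: $col");
        }
        if ($value === null || $value === '') {
            continue;                       // no value supplied, so no condition
        }
        $where[] = "$col = ?";
        $binds[] = $value;
    }
    $whereclause = $where ? 'WHERE ' . join(' AND ', $where) : '';
    $stmt = $db->prepare("SELECT username, city FROM user $whereclause ORDER BY username");
    $stmt->execute($binds);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$username = "O'Reilly";                     // stands in for a value from $_GET / $_POST

// Interpolated: the apostrophe ends the string literal early, so the query fails.
try {
    $db->query("SELECT city FROM user WHERE username = '$username'");
    echo "interpolated: ran\n";
} catch (PDOException $e) {
    echo "interpolated: syntax error\n";
}

// Bound: the same value is passed as data and matches the row.
print_r(findUsers($db, ['username' => $username, 'city' => '']));
print_r(findUsers($db, ['city' => 'Cork', 'active' => 1]));
```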