sqlnoob

error no doesn't work, as nothing happens beyond the update as for the user ID I am aware of that. The actual one will have a random key, which i left out here.

<?php //COOKIE CHECKER if (isset($_COOKIE["person"])){ if (filter_var($_COOKIE["person"], FILTER_VALIDATE_INT)){ $user_id = $_COOKIE["person"]; //DATABASE CONNECTION VARIABLES $myserver ="localhost"; $myname = "username"; $mypassword = "password"; $mydb ="dbname"; /*SQL CONNECTION*/ // Create connection $conn = new mysqli($myserver, $myname, $mypassword, $mydb); // Check connection if ($conn->connect_error) { echo '<!DOCTYPE HTML> <HTML> <HEAD> <TITLE>test</TITLE> </HEAD> <BODY> <H1>Decline of the Han - Three Kingdoms</H1>'; die("Connection failed: " . $conn->connect_error); echo '</BODY> </HTML>'; } else { //COUNT USER $cquery = "SELECT COUNT(*) AS usercheck FROM Players WHERE ID = ?"; $cid = $conn->prepare($cquery); $cid->bind_param('i', $user_id); $cid->execute(); $cid->bind_result($usercheck); $cid->fetch(); if ($usercheck ==1){ if (isset($_POST["profile"])){ if(!filter_var($_POST["profile"], FILTER_SANITIZE_STRING)){ echo '<!DOCTYPE HTML> <HTML> <HEAD> <TITLE>test</TITLE> </HEAD> <BODY>'; echo '<P class="error">Unable to filter bio <a href="biography.php">return</a></P>'; echo '</BODY> </HTML>'; } else { $profile = $_POST["profile"]; $sql = "UPDATE Player_Data SET Bio =? WHERE ID=?"; $q = $conn->prepare($sql); $q->bind_param("si", $profile, $user_id); $q->execute(); echo '<P>Biography altered <a href="biography.php">return</a></P>'; //close connection $conn->close(); } } } else { echo '<!DOCTYPE HTML> <HTML> <HEAD> <TITLE>test</TITLE> </HEAD> <BODY>'; echo '<P class="error">'.$usercheck.' '.$user_id.'</P>'; echo '<P class="error">No such user found!</P>'; //close connection $conn->close(); //foot echo '</BODY> </HTML>'; } //end connection check } } else { echo '<!DOCTYPE HTML> <HTML> <HEAD> <TITLE>test</TITLE> </HEAD> <BODY>'; echo '<P class="error">ERROR invalid cookie!</P>'; echo '</BODY> </HTML>'; } } else { echo '<!DOCTYPE HTML> <HTML> <HEAD> <TITLE>test</TITLE> </HEAD> <BODY>'; echo '<P class="error">No cookie detected!<br><a href="login.php">login</a></P>'; echo '</BODY> </HTML>'; } ?> I have an error in the update, but I am not seeing where I made it. Its annoying because the update won't execute and anything beyond the update isn't visible in the html source code in the browser, so it is likely to be a syntax error, but where?

thanks for the replies guys. That was what I needed.

//DATABASE CONNECTION VARIABLES $myserver ="localhost"; $myname = "myname"; $mypassword = "mypassword"; $mydb ="mygamedb"; /*SQL CONNECTION*/ // Create connection $conn = new mysqli($myserver, $myname, $mypassword, $mydb); // Check connection if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } else { //variables $username = $_POST["username"]; $password = $_POST["password"]; $ip = $_SERVER['REMOTE_ADDR']; //INSERT USER //prepare and bind $stmt = $conn->prepare("INSERT INTO Players (Username, Password, IP) VALUES (?, ?, ?)"); //bind parameters $stmt->bind_param("sss", $username, $password, $ip); //set parameters and execute $stmt->execute(); //close $stmt->close(); //FETCH ID $resultnews = mysql_query("SELECT * FROM Players WHERE Username ='$username'"); $rownews = mysql_fetch_array($resultnews); $user_id = $rownews["ID"]; } After having suffered an SQL injection into one of my sites, I figured it was time to overhaul it and use prepared statements. I am new to this. I figured out how to an INSERT with an example, but now I need to fetch an ID and cannot get it to work. Any help much obliged. All I need is just one good example. Looked all over the place, but all I get are insert examples, which is NOT what i need. Really need one with a select and fetch.

hello all, Can anyone recommend an ftp program, that is able to open a map that contains thousands of smaller maps with thousands of photos. For some reason I'm unable to download let alone open a map via ftp that has about 17.000 maps in it with about 20.000 photo's. I've tried filezilla, fireftp, leechftp, none of which do the trick. I use windows vista.

I have a browser based strategy game hosted on starthosting.nl It's a really cheap host, you can get it for as little as 1 euro a month (to be paid annually). The host offers php and sql. Premium allows for a maximum of 10 sql databases and as much mail accounts. Downtime is about 2 times a year and usually for a few hours. Downsides are that it offers no tech support whatsoever (not something i had problems with as everything works fine), you can't do cronjobs with the account and the server seems to be slow sometimes. The major downside however is the limited bandwidth you get (it's only 5 GB per month). I expect the activity of my site to pick up this september (when schools start, i have a lot of students playing my game) and i'll probably get close to my bandwidth limit. Right now the game allows for a maximum of 200 players (due to bandwidth), but i'm looking to expand my game. Right now I'm searching for a host that offers the following: -1 lots of bandwidth for a low price -2 allows for unlimited amount of sql databases -3 allows to do cronjobs -4 has a fast server capable of handling large amounts of users who login at the same time I've done some google searches and have looked and compared some dutch hosts. Right now i'm leaning towards simple-hosting because a basic account offers 40GB of bandwidth for 5 euro a month (= 60 euro a year, a price i can/willing to afford). However I have no idea how many sql databases i get with that account and i don't know if they allow to do cronjobs. also... The FTP upload of the account has to be basic and simple. Right now I'm using leechFTP to upload the pages (which works fine with my old computer (98se, yes not joking)). I realize i'm being very picky, but if any of you know a host that offers what i'm looking for, then i love to hear it