Jump to content

Search the Community

Showing results for tags 'prepare statement'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Welcome to PHP Freaks
    • Announcements
    • Introductions
  • PHP Coding
    • PHP Coding Help
    • Regex Help
    • Third Party Scripts
    • FAQ/Code Snippet Repository
  • SQL / Database
    • MySQL Help
    • PostgreSQL
    • Microsoft SQL - MSSQL
    • Other RDBMS and SQL dialects
  • Client Side
    • HTML Help
    • CSS Help
    • Javascript Help
    • Other
  • Applications and Frameworks
    • Applications
    • Frameworks
    • Other Libraries
  • Web Server Administration
    • PHP Installation and Configuration
    • Linux
    • Apache HTTP Server
    • Microsoft IIS
    • Other Web Server Software
  • Other
    • Application Design
    • Other Programming Languages
    • Editor Help (PhpStorm, VS Code, etc)
    • Website Critique
    • Beta Test Your Stuff!
  • Freelance, Contracts, Employment, etc.
    • Services Offered
    • Job Offerings
  • General Discussion
    • PHPFreaks.com Website Feedback
    • Miscellaneous

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Age


Donation Link

Found 5 results

  1. Hello, I hope it's ok to ask this question here. I have a registration script, but I'm not sure how to handle it efficiently and I have some questions about it. This is used in the page 'signup.php'. The class is called 'User'. I haven't noticed any errors or bugs. It would be very useful for me to be aware of my mistakes. public function regUser($uname,$upass,$upassverify) { $new_password = password_hash($upass, PASSWORD_DEFAULT); if(!password_verify($upassverify, $new_password)) { // passwords are not the same (I thought it would be better to do this after hashing, but maybe it doesn't matter or it's worse. I'm not sure about it) $info = 'pass_err'; } $stmt1 = $this->db->prepare("SELECT * FROM users WHERE username=:uname"); $stmt1->execute(array(':uname'=>$uname)); if($stmt1->rowCount() > 0) { // this username has already been used $info = 'user_err'; } if (!$info) { $stmt2 = $this->db->prepare("INSERT INTO users(username,password) VALUES(:uname, :upass)"); $stmt2->bindparam(":uname", $uname); $stmt2->bindparam(":upass", $new_password); $stmt2->execute(); // succesfully made an account $info = "success"; } header("Location:/signup.php?status=".$info); exit(); } Am I using the prepared statements as how I should be using them? Is this a safe way of handling my data or do you see vulnerabilities? I'm using PRG to prevent resubmission but I want to show a 'everything is fine' or 'oh no, something went wrong' to the one who is signinup. If I now go to signup.php?status=success, i see 'eveything is fine', without actually signing up, is there a better way to do this or can I somehow prevent everyone being able to see this? As you might have noticed in my last post, my English is not very good, sorry about that. Thanks, Fabian
  2. Hi, How do you split a search string by space and put it into a prepare query? $strings = $_POST['strings']; $string_array = explode(" ", $strings); $search = $mysqli->prepare(" SELECT * FROM core_table where item_name in ( ? ) "); $search->bind_param("s", $string_array); ...
  3. Hi Trying to implement with the prepare statement, and it gives me this error. "PHP Fatal error: Call to a member function prepare() on null." Anybody knows what is wrong? function listMerchant() { $merchant = array(); $merchantList = $this->mysqli->prepare("SELECT * FROM core_merchant"); $merchantList->execute(); while($merchantRows = $merchantList->fetch_array()) { $merchant[] = $merchantRows; } $merchantList->close(); return $merchant; }
  4. I'm new to coding and prepared statements. I'm getting: "Fatal error: Call to a member function bind_param() on a non-object in /home/content/01/3251001/html/Manage-Users/acc-files/updateRecord.php on line 17" For this: <?php include "db_connect.php"; if(isset($_POST['UserID'])){ $stmt = $con -> prepare('UPDATE UserList SET Status = ?, FirstName = ?, LastName = ?, Username = ?, Email = ?, Department = ?, Manager = ?, WHERE UserID = ?'); $stmt -> bind_param('isssssss', /* Line 17 */ $_POST['Status'], $_POST['FirstName'], $_POST['LastName'], $_POST['Username'], $_POST['Email'], $_POST['Department'], $_POST['Manager'], $_POST['UserID']); $stmt->execute(); } Thank you in advance for helping.
  5. Hello, I am trying to use array in bind statement to avoid entering bind manually Below, I set up the array, then imploded the array to insert , on it // to return 1,2,5 , but I got error Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables $arr = [1,2,5]; $arr_as_string = implode( ',',$arr); $type = 'iii'; $params = [$type,$arr_as_string]; $tmp = []; foreach($params as $key => $value) $tmp[$key] = &$params[$key]; call_user_func_array([$query, 'bind_param'], $tmp);
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.