V, posted June 27, 2010

I'm following a tutorial that uses MYSQL but I have everything set up using MYSQLI, object-oriented. I don't know how to make the code work. The code is this. Half is object oriented and the rest I can't figure out how to change

```php
$connection = dbConnect(); //connects to DB

//$post_id value comes from the POSTS table
$post_id = $_GET['post'];

// prepare the SQL query
$sql = "SELECT * FROM comments WHERE post_id='$post_id' ORDER BY com_id DESC LIMIT 9";

$result = $connection->query($sql) or die(mysqli_error($connection));

$timeline='';

while ($row = $result->fetch_assoc())
{
    $timeline.=formatTweet($row['com_dis'],$row['date']);
}

// fetch the latest tweet
$lastTweet = '';
list($lastTweet) = mysqli_fetch_array(mysqli_query("SELECT com_dis FROM comments ORDER BY com_id DESC LIMIT 1"));

if(!$lastTweet) $lastTweet = "You don't have any tweets yet!";
```

I get errors on this line

```php
list($lastTweet) = mysqli_fetch_array(mysqli_query("SELECT com_dis FROM comments ORDER BY com_id DESC LIMIT 1"));
```

Warning: mysqli_query() expects at least 2 parameters, 1 given...
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in...

I tried a bunch of variations but get parse errors. Can someone please help?
Mchl, posted June 27, 2010

```php
$connection = dbConnect(); //connects to DB <-- I'm assuming it returns MySQLi object

//$post_id value comes from the POSTS table
$post_id = (int)$_GET['post']; // actually seems like coming from GET table
//notice I'm casting it to int (integer) as a way of protection against SQL injection

// prepare the SQL query
$sql = "SELECT * FROM comments WHERE post_id=$post_id ORDER BY com_id DESC LIMIT 9";

$result = $connection->query($sql) or die($connection->error);

$timeline='';

while ($row = $result->fetch_assoc())
{
    $timeline.=formatTweet($row['com_dis'],$row['date']);
}

// fetch the latest tweet
$sql= "SELECT com_dis FROM comments ORDER BY com_id DESC LIMIT 1";
$result = $connection->query($sql) or die($connection->error);

if($row = $result->fetch_assoc()) {
    $lastTweet = $row['com_dis'];
} else {
    $lastTweet = "You don't have any tweets yet!";
}
```
V, posted June 27, 2010

Mchl you're truly a guru! Thanks!!
V, posted June 27, 2010

Ooh! I didn't notice the (int) by $_GET['post']. Thanks for that, I'll use it everywhere
Mchl, posted June 27, 2010

Only when the value should in fact be an integer. For strings use $connection->real_escape_string()
V, posted June 27, 2010

Yup I use real_escape_string() everywhere too but I'm sure parts of my script are still vulnerable to attacks. I'm planning to learn in-depth about sql prevention once everything is functional.
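
An added example, not part of the thread or of the tutorial V is following: the same comments query written as a mysqli prepared statement, so the id is validated and bound instead of being cast or escaped into the SQL string. The table and column names come from the posts above; `parsePostId()` and `fetchComments()` are hypothetical helper names, and the mysqli object is assumed to be what the thread's `dbConnect()` returns.

```php
<?php
// Added example. Assumes the thread's `comments` table (com_id, post_id,
// com_dis, date) and PHP 7.1+ with the mysqli extension.

// Make mysqli throw exceptions instead of relying on "or die(...)".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Returns a positive integer id, or null when the input is not one. */
function parsePostId($raw): ?int
{
    // Unlike an (int) cast, this rejects "12abc", "1.5", "" and arrays
    // instead of silently turning them into 12, 1, 0 and 1.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Latest comments for one post. Both values are bound as integers ('ii'),
 * so no user input is ever concatenated into the SQL text. A string value
 * would be bound the same way with type 's', with no real_escape_string()
 * call needed.
 */
function fetchComments(mysqli $db, int $postId, int $limit = 9): array
{
    $stmt = $db->prepare(
        'SELECT com_dis, `date` FROM comments
          WHERE post_id = ? ORDER BY com_id DESC LIMIT ?'
    );
    $stmt->bind_param('ii', $postId, $limit);
    $stmt->execute();
    $stmt->bind_result($text, $date); // works without the mysqlnd driver

    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ['com_dis' => $text, 'date' => $date];
    }
    $stmt->close();
    return $rows;
}

// Usage in the page script (dbConnect() and formatTweet() are the thread's helpers):
//   $postId = parsePostId($_GET['post'] ?? null);
//   if ($postId === null) { http_response_code(400); exit('Invalid post id'); }
//   foreach (fetchComments(dbConnect(), $postId) as $row) {
//       $timeline .= formatTweet($row['com_dis'], $row['date']);
//   }
```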