Jump to content

Recommended Posts

Hi Every Body

I am facing problem in retreving the data from my mysql table I want to use prepared statement with mysqli for security reason. Here is my code Please give a guidance -

<?php
$host="localhost"; // Host name
$username="**********"; // Mysql username
$password="**********"; // Mysql password
$db_name="**********"; // Database name
$tbl_name1="**********"; // tem Table name
$tbl_name2="**********"; // registered user table
$mysqli = new mysqli($localhost, $username, $password, $db_name);
if ($mysqli->connect_errno)
{
echo "Connection Failed: " . mysqli_connect_errno();
   exit();
}
$count=null;
$passkey=$_GET['passkey'];
echo $passkey;  // exact passkey printed
if($stmt = $mysqli -> prepare("SELECT * FROM $tbl_name1 WHERE confirm_code=?"))
{
   $stmt -> bind_param("s", $passkey);
   $stmt -> execute();
   $stmt->store_result();
   $count=$stmt->num_rows;
   echo "\n".$count;   // getting the value 1 which is correct
   if($count==1)
   {
while($rows = $stmt->fetch_assoc())
{
  $v_fname=$rows['temp_first_name'];
  $v_lname=$rows['temp_last_name'];
  $v_sex=$rows['temp_sex'];
  $v_phone=$rows['temp_phone'];
  $v_city=$rows['temp_state'];
  $v_state=$rows['temp_city'];
  $v_pin=$rows['temp_pin'];
  $v_schoolname=$rows['temp_school_name'];
  $v_class=$rows['temp_class'];
  $v_subject=$rows['temp_computer_subject'];
  $v_board=$rows['temp_board'];
  $v_session=$rows['temp_session'];
  $v_email=$rows['temp_email'];
  $password=$rows['temp_password'];
  $v_salt=$rows['temp_salt'];
if (!($insert_stmt = $mysqli->prepare("INSERT INTO $tbl_name2 (first_name,last_name,sex,phone,state,city,pin,school_name,class,computer_subject,board,  session,email,password,salt) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)")))
{
 echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
if(!$insert_stmt->bind_param('sssiiisssssssss',$v_fname,$v_lname,$v_sex,$v_phone,$v_city,$v_state,$v_pin, $v_schoolname,$v_class,$v_subject,$v_board,$v_session,$v_email, $password,$v_salt))
{
 echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
if(!$insert_stmt->execute())
{
 echo "Execute failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
else
{
 //echo "Data saved properly";
 $flag=1;
 if($flag==1)
 {
  echo "<body bgcolor='#FFFF99'>";
  echo "<p align='center'><font color='#008000' size='6' face='Verdana'>";
  echo "Congratulation...!! </font>";
  echo "</br>";
  echo "<font color='e80005' size='5'>Your account has been activated</font>";
  if ($stmt = $mysqli->prepare("DELETE FROM $tbl_name1 WHERE confirm_code = ? LIMIT 1"))
			 {
					 $stmt->bind_param("s",$passkey);	 
					 $stmt->execute();	 
			 }
 }
}
  }
  }
}
else
{
echo "Select Failed: (" . $mysqli->errno . ") " . $mysqli->error;
echo "<body bgcolor='#FFFF99'>";
   echo "<p align='center'><font color='#e80005' size='6' face='Verdana'>";
   echo "SORRY...! </font>";
   echo "</br>";
   echo "<font color='#e80005' size='5'>Your Confirmation code is not correct</font>";
}

 $stmt->close();

Probably, because that function doesn't exist?

 

The manual is a necessary reference, you have to learn to check there first ;)

 

http://www.php.net/m...mysqli-stmt.php

 

As to your problem,

http://www.php.net/m...-stmt.fetch.php

 

Ninja'd.

Edited by xyph

Thanx for guidence but I'm confused now how to fetch the value from array here I am modifying my code -

 

if($stmt = $mysqli -> prepare("SELECT * FROM $tbl_name1 WHERE confirm_code=?"))
{
$stmt -> bind_param("s", $passkey);
$stmt -> execute();
$stmt->store_result();
$count=$stmt->num_rows;
echo "\n".$count; // getting the value 1 which is correct
if($count==1)
{
$rows = $stmt->get_result();
$res=$rows->num_rows;
$rows->data_seek($res);
[b]// I am not getting link from here HOW CAN I get the value $rows->fetch_assoc());[/b]
$v_fname=$rows['temp_first_name'];
$v_lname=$rows['temp_last_name'];
$v_sex=$rows['temp_sex'];
$v_phone=$rows['temp_phone'];

if($stmt = $mysqli -> prepare("SELECT * FROM $tbl_name1 WHERE confirm_code=?"))
{
$stmt -> bind_param("s", $passkey); //bind param.
$stmt -> execute(); //execute the query.
$stmt->bind_result($temp_firstname,$temp_lastname,$temp_sex,$temp_phone); //bind results.
$rows = $stmt->fetch(); //fetch results.
$count=$stmt->num_rows; //count of rows.
echo "\n".$count; // getting the value 1 which is correct
if($count==1) //if count is equal to 1
{
echo $temp_firstname . ', ' . $temp_lastname . ', ' . $temp_sex . ', ' . $temp_phone; //echo the bound variables.
}

 

This should work. (should as in this excerpt).

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.