Hello,

I developed a PHP script which gets called via jQuery autocomplete.

Surfing the internet, I found the following script that does the work:

$term = trim(strip_tags($_GET['term']));//retrieve the search term that autocomplete sends
$qstring = "query text";
$result = mysql_query($qstring);//query the database for entries containing the term

while ($row = mysql_fetch_array($result,MYSQL_ASSOC))//loop through the retrieved values
{
	$row['field1']=htmlentities(stripslashes($row['field1']));
	$row['field2']=htmlentities(stripslashes($row['field2']));
	$row['field3']=htmlentities(stripslashes($row['field3']));
	$row['id']=(int)$row['id'];
	$row_set[] = $row;//build an array
}
echo json_encode($row_set);//format the array into json data

But I wanted (for security reasons) to use bound parameters, so I converted it to:

$term = trim(strip_tags($_GET['term']));//retrieve the search term that autocomplete sends
$qstring = "query string";

$search="%$term%";
$sql=$db->prepare($qstring);
$sql->bind_param('s',$search);
$sql->execute();
$sql->bind_result($id,$field1,$field2,$field3);

//build an array
while($sql->fetch()) {
	$row['id']=(int)$id;
	$row['field1']=htmlentities(stripslashes($field1));
	$row['field2']=htmlentities(stripslashes($field2));
	$row['field3']=htmlentities(stripslashes($field3));
	$row_set[]=$row; 
}
echo json_encode($row_set);//format the array into json data*/

I echoed the output and it seems identical to me; still, with the first script the autocomplete works while the second doesn't.

Any clue?
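
An added example, not part of the original post: an autocomplete lookup that binds the search term to a LIKE pattern, escapes the LIKE wildcards in the term, and escapes the output for the JSON context rather than with htmlentities(). Assumptions: PDO with in-memory SQLite stands in for the poster's MySQL connection so the block runs without a server, and the `items` table, its rows, the function name and the `!` escape character are constructed for illustration.

```php
<?php
// Added example: the items table, its rows and the '!' escape character are constructed.
// In-memory SQLite (PDO) stands in for the poster's MySQL connection.
function autocomplete_search(PDO $db, string $term): string
{
    // Escape LIKE metacharacters so a "%" or "_" typed by the user matches literally.
    $like = '%' . strtr(trim($term), ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';

    $stmt = $db->prepare(
        "SELECT id, field1, field2, field3 FROM items
         WHERE field1 LIKE :term ESCAPE '!' ORDER BY id LIMIT 10"
    );
    $stmt->execute([':term' => $like]);

    $rowSet = []; // encodes as [] when nothing matches
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $row['id'] = (int) $row['id'];
        $rowSet[] = $row;
    }
    // Hex-escape <, >, &, ' and " so the JSON stays inert if embedded in HTML.
    return json_encode($rowSet, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, field1 TEXT, field2 TEXT, field3 TEXT)");
$ins = $db->prepare("INSERT INTO items (field1, field2, field3) VALUES (?, ?, ?)");
foreach ([
    ['100% cotton', 'shirt', 'A1'],
    ['cotton <b>blend</b>', 'shirt', 'A2'],
    ['wool', 'scarf', 'B1'],
] as $r) {
    $ins->execute($r);
}

echo autocomplete_search($db, 'cotton'), PHP_EOL;      // ordinary term
echo autocomplete_search($db, '%'), PHP_EOL;           // wildcard typed by the user
echo autocomplete_search($db, "' OR '1'='1"), PHP_EOL; // quote characters are bound as data
```

The client still has to insert the returned strings as text, not as HTML, for the stored markup in the second row to stay harmless.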
