Jump to content

Should mysqli_stmt_bind_result Come After mysqli_stmt_bind_execute ?

phpsane

By phpsane
in PHP Coding Help

 Share

Recommended Posts

phpsane Advanced Member

phpsane

Posted
Posted

Php Folkies,

 

Look at this account activation script. It gets triggered when a new member clicks an account activation link he gets emailed. 

	<?php 
//Required PHP Files. 
include 'configurations_site.php'; //Required on all webpages of the site. Must include here too. Else, conn.php data would not be found. conn.php residing in site_configurations.php. 
include 'header_site.php'; //Required on all webpages of the site. 
include 'header_account.php'; //Required on all webpages of the account. 
include 'sessions.php'; //Required on all webpages of the site. 
?> 
	<?php 
	//Step 1: Check whether URL is in the GET method or not. 
	//Perform following actions if URL is not in the GET Method and does not contain user Email and Account Activation Code. 
if(!isset($_GET["primary_website_email"],$_GET["account_activation_code"]) === TRUE) 
{ 
    //Give the User Alert that the Account Activation Link is Invalid. 
    echo "Invalid Account Activation Link! Try registering for an account if you do not already have one! <a href="\"register.php\">Register here!</a>"; </p> 
    exit(); 
} 
else 
{ 
//Step 2: Check User submitted details. 
	    $primary_website_email = htmlspecialchars($_GET['primary_website_email']); 
    $account_activation_code = htmlspecialchars($_GET['account_activation_code']); 
    //2A. Check User Inputs against Mysql Database. 
    //Select Username, Primary Domain and Primary Domain Email to check against Mysql Database if they are pending registration or not. 
    $stmt = mysqli_prepare($conn, "SELECT username, account_activation_status FROM users WHERE primary_website_email = ? AND account_activation_code = ?"); 
    mysqli_stmt_bind_param($stmt,'si',$primary_website_email,$account_activation_code); 
    mysqli_stmt_bind_result($stmt,$username,$account_activation_status); 
	    //Perform the following if Account Activation Link was valid (the "Primary Website Email" and "Account Activation Code" match that were found via the GET Method). 
    if(mysqli_stmt_execute($stmt)) && mysqli_stmt_fetch($stmt)) 
    { 
        //Perform the following if the "Account Activation Status is not found to be "0" (Account Activation Pending) on Mysql Database. 
        if($account_activation_status = 1) 
        { 
            //Give the User Alert that their Account is already active. 
            echo "Since you have already activated your account then why are you trying to activate it again ? Simply <a href="\"login.php\">log-in here</a>! "; 
            exit(); 
        } 
        else 
        { 
            //Set Account Activation Status to 1 (1 = "Account Activated"; And 0 = "Activation Pending") on Tbl. 
            $account_activation_status = 1; 
            $stmt = mysqli_prepare($conn,"UPDATE users SET account_activation_status = ? WHERE username = ?"); 
            mysqli_stmt_bind_param($stmt,'is',$account_activation_status,$username); 
            if(mysqli_stmt_execute($stmt)) 
            { 
                //Give user Alert that their Account has now been Activated. 
                echo <h3 style='text-align:center'>Thank you for your confirming your email and activating your account. <br> 
                Redirecting you to your Home Page ...</h3> 
                $_SESSION["user"] = $username; 
                 
                //Redirecting the newly Account Activated User to their Account Home Page by identifying the User by their Session Name (Username). 
                header("location:home.php"); 
            } 
        } 
    }     
    else     
    { 
        //Perform following if Primary Website Email and/or Account Activation Code is not Pending Registration. 
        $primary_website_email = htmlspecialchars($_GET['primary_website_email']); 
        $account_activation_code = htmlspecialchars($_GET['account_activation_code']);  
        
        //Give the User Alert their Email and/or Account Activation Code in the Account Activation Link is Invalid or the Account Activation Link is out of date (Email no longer registered in the Tbl). 
        echo "Either this Email Address $primary_website_email was not pending registration with this Account Activation Code $account_activation_code or one or both of them are invalid! 
        Or, the Account Activation Link is out of date (Email no longer registered in the Tbl). 
        Try registering an account if you have not already done so! <a href=\"register.php\">Register here!</a>"; </p>
        exit(); 
    } 
} 
	?> 

 

Shall I change this: 

	    //2A. Check User Inputs against Mysql Database. 
    //Select Username, Primary Domain and Primary Domain Email to check against Mysql Database if they are pending registration or not. 
    $stmt = mysqli_prepare($conn, "SELECT username, account_activation_status FROM users WHERE primary_website_email = ? AND account_activation_code = ?"); 
    mysqli_stmt_bind_param($stmt,'si',$primary_website_email,$account_activation_code); 
    mysqli_stmt_bind_result($stmt,$username,$account_activation_status); 
	    //Perform the following if Account Activation Link was valid (the "Primary Website Email" and "Account Activation Code" match that were found via the GET Method). 
    if(mysqli_stmt_execute($stmt)) && mysqli_stmt_fetch($stmt)) 
    { 
        //Perform the following if the "Account Activation Status is not found to be "0" (Account Activation Pending) on Mysql Database. 
        if($account_activation_status = 1) 
        { 
            //Give the User Alert that their Account is already active. 
            echo "Since you have already activated your account then why are you trying to activate it again ? Simply <a href="\"login.php\">log-in here</a>! "; 
            exit(); 
        } 

 

to this where the  mysqli_stmt_bind_result($stmt,$username,$account_activation_status) has been switched to a new spot: 

    
	//2A. Check User Inputs against Mysql Database. 
    //Select Username, Primary Domain and Primary Domain Email to check against Mysql Database if they are pending registration or not. 
    $stmt = mysqli_prepare($conn, "SELECT username, account_activation_status FROM users WHERE primary_website_email = ? AND account_activation_code = ?"); 
    mysqli_stmt_bind_param($stmt,'si',$primary_website_email,$account_activation_code); 
    //Perform the following if Account Activation Link was valid (the "Primary Website Email" and "Account Activation Code" match that were found via the GET Method). 
    if(mysqli_stmt_execute($stmt)) && mysqli_stmt_fetch($stmt)) 
    { 
        //Perform the following if the "Account Activation Status is not found to be "0" (Account Activation Pending) on Mysql Database. 
	       mysqli_stmt_bind_result($stmt,$username,$account_activation_status);     
	        if($account_activation_status = 1) 
        { 
            //Give the User Alert that their Account is already active. 
            echo "Since you have already activated your account then why are you trying to activate it again ? Simply <a href="\"login.php\">log-in here</a>! "; 
            exit(); 
        } 

Link to comment
Share on other sites
phpsane Advanced Member

phpsane

Posted
  • Author
Posted
On 12/14/2018 at 11:01 PM, requinix said:

No sarcastic comments about reading the documentation yet, so consider me to be saying that.

Yeah. I did come across this:

http://php.net/manual/en/mysqli-stmt.fetch.php

 

So, I had it like this following and I now guess from your reply that I had it wrong:

$stmt = mysqli_prepare($conn,"SELECT username,account_activation_status FROM users WHERE primary_website_email = ? AND account_activation_code = ?"); 
    mysqli_stmt_bind_param($stmt,'si',$primary_website_email,$account_activation_code); 
    mysqli_stmt_bind_result($stmt,$username,$account_activation_status); 
    //Perform the following if Account Activation Link was valid (the "Primary Website Email" and "Account Activation Code" match that were found via the GET Method). 
    if(mysqli_stmt_execute($stmt)) && mysqli_stmt_fetch($stmt)) 
    { 
        //Perform the following if the "Account Activation Status is not found to be "0" (Account Activation Pending) on Mysql Database. 
        if($account_activation_status = 1) 
        { 
            //Give the User Alert that their Account is already active. 
            echo "Since you have already activated your account then why are you trying to activate it again ? Simply <a href="\"login.php\">log-in here</a>! "; 
            exit(); 
        } 

And, I should have it like the following. Right ?

$stmt = mysqli_prepare($conn,"SELECT username,account_activation_status FROM users WHERE primary_website_email = ? AND account_activation_code = ?"); 
    mysqli_stmt_bind_param($stmt,'si',$primary_website_email,$account_activation_code);     
    //Perform the following if Account Activation Link was valid (the "Primary Website Email" and "Account Activation Code" match that were found via the GET Method). 
    if(mysqli_stmt_execute($stmt)) && mysqli_stmt_fetch($stmt)) 
    { 
        mysqli_stmt_bind_result($stmt,$username,$account_activation_status); 
               //Perform the following if the "Account Activation Status is not found to be "0" (Account Activation 
               Pending) on Mysql Database. 
        if($account_activation_status = 1) 
        { 
            //Give the User Alert that their Account is already active. 
            echo "Since you have already activated your account then why are you trying to activate it again ? Simply <a href="\"login.php\">log-in here</a>! "; 
            exit(); 
        } 

Link to comment
Share on other sites
phpsane Advanced Member

phpsane

Posted
  • Author
Posted (edited)
31 minutes ago, requinix said:

Are you guessing? One of those is right and one is wrong. If you read the documentation you should be able to tell which is which.

I know it comes in this order:
mysqli_stmt_execute($stmt)
mysqli_stmt_bind_result
mysqli_stmt_fetch($stmt)

But if I got my stmt execute & fetch together like the following then does the bind result come prior to them or after ?
if(mysqli_stmt_execute($stmt)) && mysqli_stmt_fetch($stmt)) 

 

Whoever gave me the sample code, coded it like this: 

	$stmt = mysqli_prepare($conn,"SELECT username,account_activation_status FROM users WHERE primary_website_email = ? AND account_activation_code = ?"); 
    mysqli_stmt_bind_param($stmt,'si',$primary_website_email,$account_activation_code); 
    mysqli_stmt_bind_result($stmt,$username,$account_activation_status); 
	    //Perform the following if Account Activation Link was valid (the "Primary Website Email" and "Account Activation Code" match that were found via the GET Method). 
    if(mysqli_stmt_execute($stmt)) && mysqli_stmt_fetch($stmt)) 
    { 
        //Perform the following if the "Account Activation Status is not found to be "0" (Account Activation Pending) on Mysql Database. 
        if($account_activation_status = 1) 
        { 
            //Give the User Alert that their Account is already active. 
            echo "Since you have already activated your account then why are you trying to activate it again ? Simply <a href="\"login.php\">log-in here</a>! "; 
            exit(); 
        } 

Edited by phpsane
Link to comment
Share on other sites
mac_gyver Prolific Member

mac_gyver

Posted
Posted

if you are asking this question because your 1st code doesn't do what you expect, it's most likely because you are using one = in a comparison statement (which is a first week mistake) instead of two ==. despite what the documentation states, you can call bind result at any time after the mysqli statement object exists, but before you call the fetch statement (tested some time ago.)

so, rather than to ask about which of the two versions of code is correct (neither will work correctly due to the above problem in both and the calling order of the bind result/fetch statement in the second one), come right out and state what sort of problem or error you are having that leads you to ask the question in the first place.

at the risk of wasting time typing a reply that will be ignored again, you should NOT mix error handling logic with application functional  logic. you should not combine both of these tests in this line of code - if(mysqli_stmt_execute($stmt)) && mysqli_stmt_fetch($stmt)). they mean separate things and since you already have error handling for the execute() call by using exceptions to handle the database statement errors, there's no point in having conditional error handling logic in your code.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.