Larry Ullman's Book Forums

jalinidy


  1. Hi All, I've been beating my head against the wall most of the day trying to get prepared statements to work. I've walked away from my desk today in frustration more than any day in recent memory! It seems like prepared statements should be simple but I'm having a heck of a time getting results from the query (no mysql_fetch_array, e.g. - at least not that I can find on php.net). Anyway, my main issue at this point is how do I output the "final" sql query from a prepared statement (that is, with the bound parameters included) in order to debug my queries? Is there a way? Or do I have to retype the query (rather than copy and paste) into a mysql interface to test? Thanks in advance - esp to Larry (I've found your books to be very helpful over the years) Best, Adam
  2. Hello: On page 430 (Chapter 13) in the sidebar titled MORE SECURITY RECOMMENDATIONS it recommends watching how "database references are used." More specifically it mentions that using a table's primary key in a cookie is a security risk. This makes sense, but I'm wondering, is the same true when storing a table's primary key in a session variable? My thinking is that it's okay in a session variable since the session is stored on the server, not in the client's web browser. I believe that in order to alter $_SESSION['userid'], e.g., you would need to have access to the same server - so that you could put in a dummy page that reassigns $_SESSION['userid'] as one wants - and you would need to know the name of the session variable. If there's a better way to access user data throughout a site other than storing the primary key from the users table in $_SESSION['userid'] (or whatever), I'd love to know what's recommended. Thanks very much! Best, Adam