jhm
-
Posts
4 -
Joined
-
Last visited
Posts posted by jhm
-
-
$q = 'SELECT id FROM users WHERE email = ?';
$stmt = mysqli_prepare($dbc, $q);
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$rows = mysqli_stmt_num_rows($stmt);
if ($rows === 1) {
?? ---> list($uid) = mysqli_fetch_array($r, MYSQLI_NUM);
-
Odd that all other code were changed to use prepared statements, except that one.
-
In chapter 12, we're presented code to update example #1 to use prepared statements. For some reason, in the forgot_password.php file, there was one statement where Larry didn't supply the code to update. Was there a reason for this? Thanks.
// Check for the existence of that email address...
$q = 'SELECT id FROM users WHERE email="' . escape_data($email, $dbc) . '"';
$r = mysqli_query($dbc, $q);
if (mysqli_num_rows($r) === 1) { // Retrieve the user ID:
list($uid) = mysqli_fetch_array($r, MYSQLI_NUM);
} else { // No database match made.
$pass_errors['email'] = 'The submitted email address does not match those on file!';
}
Forgot_Password (Prepared Statement Missing)
in Effortless E-Commerce with PHP and MySQL (2nd Edition)
Posted
I needed to pass the ID to the variable $uid. That was my original issue/question. Fixed and working now, code below. Thanks!
$q = 'SELECT id FROM users WHERE email = ?';
$stmt = mysqli_prepare($dbc, $q);
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$rows = mysqli_stmt_num_rows($stmt);
if ($rows === 1) {
mysqli_stmt_bind_result($stmt, $uid);
/* fetch value */
mysqli_stmt_fetch($stmt);