[Forgot_Password (Prepared Statement Missing)]

I needed to pass the ID to the variable $uid.  That was my original issue/question.  Fixed and working now, code below.  Thanks!

 

$q = 'SELECT id FROM users WHERE email = ?';
$stmt = mysqli_prepare($dbc, $q);
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$rows = mysqli_stmt_num_rows($stmt);

if ($rows === 1) {
mysqli_stmt_bind_result($stmt, $uid);

/* fetch value */

mysqli_stmt_fetch($stmt);

[Forgot_Password (Prepared Statement Missing)]

$q = 'SELECT id FROM users WHERE email = ?';
$stmt = mysqli_prepare($dbc, $q);
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$rows = mysqli_stmt_num_rows($stmt);

if ($rows === 1) {
?? --->  list($uid) = mysqli_fetch_array($r, MYSQLI_NUM);
 

[Forgot_Password (Prepared Statement Missing)]

Odd that all other code were changed to use prepared statements, except that one.

[Forgot_Password (Prepared Statement Missing)]

In chapter 12, we're presented code to update example #1 to use prepared statements.  For some reason, in the forgot_password.php file, there was one statement where Larry didn't supply the code to update.  Was there a reason for this?  Thanks.

 

// Check for the existence of that email address...
$q = 'SELECT id FROM users WHERE email="' . escape_data($email, $dbc) . '"';
$r = mysqli_query($dbc, $q);

if (mysqli_num_rows($r) === 1) { // Retrieve the user ID:
list($uid) = mysqli_fetch_array($r, MYSQLI_NUM);
} else { // No database match made.
$pass_errors['email'] = 'The submitted email address does not match those on file!';
}