bahaa

yes..

Some one tried to hack it with sql injection

Counting characters got nothing to do with the font size the viewer use. What boxes do you suggest fixed height and why ?

Another project http://www.farfsha.net/

Can we see the error you get when you run it?

Well, I did not know that the prepared statement depend upon the version of Mysql I use. I thought as long as the version I have support Mysqli prepared statement, then I would not have a problem on how to construct my query. In my opinion, if you indicate such things in your answers and give both solution, it would be a good resources for other members and they would have less problems in their application. When I posted the second query, I did not mean to violate the guidelines. I read the the guidelines before and I read where it says not to add another post if it doesn't add anything to the thread. I waited 3 days and since I saw you answered some questions that have been posted after my post, I thought you did not notice thread or something and that is why I add the second post. Anyway the version I use is 5.0.7

I would really appreciate if some one could help me with this question

Thanks for your comment

Hello, This is my second project using MySQLI and PHP. I have done this for a client. http://gulfpal.net/index.php I know you won't be able to read it but you can see the look and click on links to check the speed. It is hosted on shared server. Please let me know what you think.

Hello, How to I bind a param to ORDER BY in mysqli ? Bahaa,

Thanks Edward

Hi, how to we use the filter_input(INPUT_POST, '', FILTER_VALIDATE_INT) to validate zero as int ? I always get false when i try to use the filter on an input that has a value of zero. Bahaa,

I was able to figure out the problem here is why it happens in case some of you run into this problem This can happen, for example, if you are using mysql_use_result() and try to execute a new query before you have called mysql_free_result(). It can also happen if you try to execute two queries that return data without calling mysql_use_result() or mysql_store_result() in between. I had to use mysq_store_result between the 2 queries.

Hello I get this error when i try to run 2 prepared statement.. the 2 statements do not relate to each other. The first one runs but the second doesn't... I deleted the first prepared statement and the second one worked find. here is the error Commands out of sync; you can't run this command now Bahaa,

Hello, How do I get rid of the output buffering already sent ? I need to generate the page title dynamically and this require to echo it before the header and it causes the the output buffer already sent to appear. I also use the header() function in many places in my code. I can't change the setting on the server because it is shared hosting. Bahaa,

I don't use upper case for the table's name but by mistake in my query I used upper case for my table name in one of the functions. Everything worked fine after i fixed that problem.

How do I change the setting so I make it case sensitive on my machine?

Thanks for the tip the problem was with using capital letter for the name of the table in my query. on my machine the name of the tables case insensitive and on the production it is case sensitive

Yes it is available.

What do you suggest in this situation ? I have the same problem with another non prepared query. The problem is with the query inside the loop. in the first query I get the question and inside the loop I get the answer for each question using the question id this query works on my machine but it doesn't work online. <?php $sql ="SELECT SurveyID, SurveyName FROM survey LIMIT 1"; $result = $mysqli->query($sql); $rec = $result->fetch_array(); $SurveyID = $rec['SurveyID']; $SurveyName = $rec['SurveyName']; echo "<h2 class=\"SurveyName\"> $SurveyName</h2>"; $sql ="SELECT QuestionID, Question FROM question WHERE SurveyID ='".mysqli_real_escape_string($mysqli, $SurveyID)."'"; $result = $mysqli->query($sql); $ID = array(); while($rec = $result->fetch_array()) { $QuestionID = $rec['QuestionID']; echo "<span class=\"Question\">". $rec['Question']. "</span>"; $ID[] = $rec['QuestionID']; $_SESSION['Questions'] = $ID; echo "<input type=\"hidden\" name=\"ID[]\" value=\"{$QuestionID}\"/>"; ///Get answers $sqlAnswer ="SELECT AnswerID, Answer, VoteCount FROM Answer WHERE QuestionID ='".mysqli_real_escape_string($mysqli, $QuestionID)."'"; $AnswerResult =$mysqli->query($sqlAnswer); //fetch the result while($rec = $AnswerResult->fetch_array()) { $AnswerID = $rec['AnswerID']; $Answer = $rec['Answer']; $VoteCount = $rec['VoteCount']; echo "<input type=\"radio\" name=\"QuestionID[$QuestionID]\" value=\"{$AnswerID}\" id=\"{$QuestionID}\""; if(isset($_COOKIE[$SurveyID])) { echo "disabled"; } echo "/> $Answer<br />"; } } ?>

No luck and the odd thing I deployed my files online and I don't get everything working as I do locally. I have used a prepare statement inside a loop and bind param to the nested prepare statement. the first statement works fine but the one inside the loop it doesn't work though it works locally

it is not the operator I ran the query on mysqlbench and it worked but when i use it in my code, it doesnt work!

Hi, I have this query and it keeps giving me Fatal error: Call to a member function bind_param() on a non-object. The name of the fields are correct and the connetions is set properly. $sql ="SELECT UserID From user WHERE UserID != ? AND Email = ? "; //prepare stmt $stmt = $mysqli->prepare($sql); //bind param $stmt->bind_param('is',$ID, $Email); //execute the query $stmt->execute();

Thank you so much Larry. Evrything works fine now.

Thanks for your answer I understand the part of creating the questions as an array but I don't understand the part of validating upon submission. Could you please give me an example?