Larry Ullman's Book Forums
jhm

Forgot_Password (Prepared Statement Missing)

In chapter 12, we're presented with code to update example #1 to use prepared statements. For some reason, in the forgot_password.php file, there was one statement where Larry didn't supply the code to update. Was there a reason for this? Thanks.

 

// Check for the existence of that email address...
$q = 'SELECT id FROM users WHERE email="' . escape_data($email, $dbc) . '"';
$r = mysqli_query($dbc, $q);

if (mysqli_num_rows($r) === 1) { // Retrieve the user ID:
    list($uid) = mysqli_fetch_array($r, MYSQLI_NUM);
} else { // No database match made.
    $pass_errors['email'] = 'The submitted email address does not match those on file!';
}


I expect it was just an oversight. Let me know if you have any problems figuring out how to do it as a prepared statement. Sorry for any confusion!


$q = 'SELECT id FROM users WHERE email = ?';
$stmt = mysqli_prepare($dbc, $q);
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$rows = mysqli_stmt_num_rows($stmt);

if ($rows === 1) {
?? --->  list($uid) = mysqli_fetch_array($r, MYSQLI_NUM);
 


Could you elaborate beyond "??"? Is this working for you? If not, are you seeing error messages? If so, what are they? 

 

For comparison, though, if you look at the procedural example at http://php.net/manual/en/mysqli.prepare.php, you can see they execute the statement, then bind the result, then fetch the value into a PHP variable. You could check the variable for a non-false value to know the SELECT query returned a row.


I needed to pass the ID to the variable $uid.  That was my original issue/question.  Fixed and working now, code below.  Thanks!

 

$q = 'SELECT id FROM users WHERE email = ?';
$stmt = mysqli_prepare($dbc, $q);
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$rows = mysqli_stmt_num_rows($stmt);

if ($rows === 1) {
    // Bind the selected id column to $uid:
    mysqli_stmt_bind_result($stmt, $uid);

    /* fetch value */
    mysqli_stmt_fetch($stmt);
}
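The execute, bind-result, fetch sequence from the thread, written out as one lookup function with the failure paths handled. This is an added example, not code from the book or from either poster: `find_user_id()` is a hypothetical helper name, `$dbc` is assumed to be the open mysqli connection used in the posts above, and `email` is assumed to be unique in `users`.

```php
<?php
// Added example. Assumptions: $dbc is an open mysqli connection, the users
// table has id and email columns (as in the thread), and email is unique.

/**
 * Return the user ID for $email, or null when no row matches.
 * Throws RuntimeException if the statement cannot be prepared or run.
 * (On PHP 8.1+ mysqli throws mysqli_sql_exception by default, so the
 * explicit false checks matter mainly on older configurations.)
 */
function find_user_id(mysqli $dbc, string $email): ?int
{
    $stmt = mysqli_prepare($dbc, 'SELECT id FROM users WHERE email = ?');
    if ($stmt === false) {
        throw new RuntimeException('Prepare failed: ' . mysqli_error($dbc));
    }

    try {
        // The address is sent as bound data, separate from the SQL text,
        // so it is not passed through escape_data() first.
        mysqli_stmt_bind_param($stmt, 's', $email);
        if (!mysqli_stmt_execute($stmt)) {
            throw new RuntimeException('Execute failed: ' . mysqli_stmt_error($stmt));
        }

        // Bind the single selected column, then fetch it into $uid.
        mysqli_stmt_bind_result($stmt, $uid);
        $fetched = mysqli_stmt_fetch($stmt); // true = row, null = no row, false = error
        if ($fetched === false) {
            throw new RuntimeException('Fetch failed: ' . mysqli_stmt_error($stmt));
        }

        return $fetched === true ? (int) $uid : null;
    } finally {
        mysqli_stmt_close($stmt); // released on every path, including exceptions
    }
}

// Usage in forgot_password.php (inside the existing validation block):
//   $uid = find_user_id($dbc, $email);
//   if ($uid === null) {
//       $pass_errors['email'] = 'The submitted email address does not match those on file!';
//   }
```

Because the return value of `mysqli_stmt_fetch()` already distinguishes "row", "no row" and "error", this version does not need `mysqli_stmt_store_result()` or `mysqli_stmt_num_rows()`.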
