jhm Posted June 16, 2015

In chapter 12, we're presented code to update example #1 to use prepared statements. For some reason, in the forgot_password.php file, there was one statement where Larry didn't supply the code to update. Was there a reason for this? Thanks.

    // Check for the existence of that email address...
    $q = 'SELECT id FROM users WHERE email="' . escape_data($email, $dbc) . '"';
    $r = mysqli_query($dbc, $q);
    if (mysqli_num_rows($r) === 1) { // Retrieve the user ID:
        list($uid) = mysqli_fetch_array($r, MYSQLI_NUM);
    } else { // No database match made.
        $pass_errors['email'] = 'The submitted email address does not match those on file!';
    }

jhm Posted June 18, 2015

Odd that all the other code was changed to use prepared statements, except that one.

Larry Posted June 19, 2015

I expect it was just an oversight. Let me know if you have any problems figuring out how to do it as a prepared statement. Sorry for any confusion!

jhm Posted June 30, 2015

    $q = 'SELECT id FROM users WHERE email = ?';
    $stmt = mysqli_prepare($dbc, $q);
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $rows = mysqli_stmt_num_rows($stmt);
    if ($rows === 1) {
    ?? ---> list($uid) = mysqli_fetch_array($r, MYSQLI_NUM);

Larry Posted July 2, 2015

Could you elaborate beyond "??"? Is this working for you? If not, are you seeing error messages? If so, what are they?

For comparison, though, if you look at the procedural example here -- http://php.net/manual/en/mysqli.prepare.php -- you can see they execute the statement, then bind the result, then fetch the value into a PHP variable. You could check the variable for a non-false value to know the SELECT query returned a row.

jhm Posted July 2, 2015

I needed to pass the ID to the variable $uid. That was my original issue/question. Fixed and working now, code below. Thanks!

    $q = 'SELECT id FROM users WHERE email = ?';
    $stmt = mysqli_prepare($dbc, $q);
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $rows = mysqli_stmt_num_rows($stmt);
    if ($rows === 1) {
        mysqli_stmt_bind_result($stmt, $uid);
        /* fetch value */
        mysqli_stmt_fetch($stmt);
    }

Larry Posted July 3, 2015

Cool. Glad that's working and thanks for sharing the final result!

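The execute, bind-result, fetch sequence suggested in the July 2 reply, written out as an added example that is not code from the book or from any poster in this thread. It assumes an open mysqli connection and the `users` table with `id` and `email` columns used above; `find_user_id()` is a hypothetical helper name.

```php
<?php
// Added example. Assumes $dbc is an open mysqli connection and a `users`
// table with `id` and `email` columns. find_user_id() is a hypothetical name.

/**
 * Return the user ID for $email, or null unless exactly one row matches.
 */
function find_user_id(mysqli $dbc, string $email): ?int
{
    // On PHP 8.1+ mysqli throws mysqli_sql_exception by default; the
    // explicit false checks cover older versions and MYSQLI_REPORT_OFF.
    $stmt = mysqli_prepare($dbc, 'SELECT id FROM users WHERE email = ?');
    if ($stmt === false) {
        throw new RuntimeException('Prepare failed: ' . mysqli_error($dbc));
    }

    try {
        // The address is sent as bound data, never spliced into the SQL text,
        // so quotes in $email cannot change the query's structure.
        mysqli_stmt_bind_param($stmt, 's', $email);
        if (!mysqli_stmt_execute($stmt)) {
            throw new RuntimeException('Execute failed: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_bind_result($stmt, $uid);

        // mysqli_stmt_fetch(): true = row fetched, null = no more rows,
        // false = error. Only the first two are normal outcomes.
        $first = mysqli_stmt_fetch($stmt);
        if ($first === false) {
            throw new RuntimeException('Fetch failed: ' . mysqli_stmt_error($stmt));
        }
        if ($first === null) {
            return null; // No row for this address.
        }
        $found = (int) $uid; // Copy before the next fetch rebinds $uid.

        // A second fetch must report "no more rows"; this mirrors the
        // original `=== 1` row-count check without store_result().
        $second = mysqli_stmt_fetch($stmt);
        if ($second === false) {
            throw new RuntimeException('Fetch failed: ' . mysqli_stmt_error($stmt));
        }
        return ($second === null) ? $found : null;
    } finally {
        mysqli_stmt_close($stmt); // Always release the statement handle.
    }
}
```

In forgot_password.php, a `null` return from this helper maps to the existing `$pass_errors['email']` branch, and any other value is the `$uid` to use.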