Jump to content
Larry Ullman's Book Forums

Forgot_Password (Prepared Statement Missing)


Recommended Posts

In chapter 12, we're presented code to update example #1 to use prepared statements.  For some reason, in the forgot_password.php file, there was one statement where Larry didn't supply the code to update.  Was there a reason for this?  Thanks.

 

// Check for the existence of that email address...
$q = 'SELECT id FROM users WHERE email="' . escape_data($email, $dbc) . '"';
$r = mysqli_query($dbc, $q);

if (mysqli_num_rows($r) === 1) { // Retrieve the user ID:
list($uid) = mysqli_fetch_array($r, MYSQLI_NUM);
} else { // No database match made.
$pass_errors['email'] = 'The submitted email address does not match those on file!';
}

Link to comment
Share on other sites

  • 2 weeks later...

$q = 'SELECT id FROM users WHERE email = ?';
$stmt = mysqli_prepare($dbc, $q);
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$rows = mysqli_stmt_num_rows($stmt);

if ($rows === 1) {
?? --->  list($uid) = mysqli_fetch_array($r, MYSQLI_NUM);
 

Link to comment
Share on other sites

Could you elaborate beyond "??"? Is this working for you? If not, are you seeing error messages? If so, what are they? 

 

For comparison, though, if you look at the procedural example here--http://php.net/manual/en/mysqli.prepare.php, you can see they execute the statement, then bind the result, then fetch the value into a PHP variable. You could check the variable for a non-false value to know the SELECT query returned a row. 

Link to comment
Share on other sites

I needed to pass the ID to the variable $uid.  That was my original issue/question.  Fixed and working now, code below.  Thanks!

 

$q = 'SELECT id FROM users WHERE email = ?';
$stmt = mysqli_prepare($dbc, $q);
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$rows = mysqli_stmt_num_rows($stmt);

if ($rows === 1) {
mysqli_stmt_bind_result($stmt, $uid);

/* fetch value */

mysqli_stmt_fetch($stmt);

Link to comment
Share on other sites

 Share

×
×
  • Create New...