brilliantmojo I'm following this tutorial: https://www.webslesson.info/2018/08/how-to-make-product-filter-in-php-using-ajax.html

Don't use the database code in this script. It is an insecure misuse of prepared queries.

brilliantmojo (for example; $statement = $db->prepare($query); = $statement = $db->mysqli_prepare($query); (https://www.php.net/manual/en/mysqli.prepare.php)) but it doesn't seem to do anything

You would also need to bind the inputs to the place-holders in the query and convert all the other database statements to mysqli equivalents. However, since there are no place-holders now, to properly do this, you would need to rewrite the code to produce an actual prepared query.

pbismad

pbismad Don't use the database code in this script. It is an insecure misuse of prepared queries.

Thank you, I didn't use that database code.

pbismad You would also need to bind the inputs to the place-holders in the query

Excuse me, i'm very new to php. Would you mind clarifying what exactly you mean by this?

What i've been doing is using this as a sort of shell and filling in everything with my own databases information. Kind of like a template.

brilliantmojo Would you mind clarifying what exactly you mean by this?

With mysqli, a prepared query requires that you call the bind_param() statement.

Note that you could just use the PDO extension, as it supports many database engines including MySQL. (And I personally find PDO nicer to use than MySQLi )

pbismad $statement = $db->mysqli_prepare($query);

If $db is a MySQLi object, then it would just be:

$statement = $db->prepare($query);

If you're not electing to use OOP style, then it would be:

$statement = mysqli_prepare($db, $query);

NogDog

NogDog If you're not electing to use OOP style, then it would be:
$statement = mysqli_prepare($db, $query);

THIS WORKED!! Thanks so much! If you had any idea how long I've been working on figuring that you'd laugh. I really appreciate it