prepared statements

d1psh1tz1941 · Nov 13, 2019

gave up on this for awhile but thought to try the prepared statements again. I'm trying to select records from database to remember info, click on and go to the target and update the date last used, visit count, time visited and if the info hasn't been saved, save it. Below is my latest feeble attempt. I'm hoping for advice

<!DOCTYPE html><html>
<body><center>

<?php
echo '
<div class="date">', date('m/d/y'), '</div>';
$con = new mysqli('localhost', 'root', 'cookie', 'homedb');
if ($con->connect_error)
{ echo 'Cannot Connect to mySQL: ', $con->connect_error(); }
else
{
echo '
<label for="targetEmail">E-Mail Account:</label><br>
<select name="target">
<option value="">-- select --</option>';

$targets = $con->query('SELECT target FROM emailtbl');
while ($row = $targets->fetch_array(MYSQLI_ASSOC)) echo '
<option>', $row['target'], '</option>';
echo '
</select>
<input type="submit" name="submit" value="Submit">';
}
?>

</form>
</body></html>
<?php
$con = new mysqli('localhost', 'root', 'cookie', 'homedb');
if ($con->connect_error)
{ echo 'Cannot Connect to mySQL: ', $con->connect_error(); }
else
{
if (isset($POST['target']))
{
$stmt = $con->prepare('
SELECT target, purpose, username, password, emailused, lastused, visit-count, time-visited, saved
FROM emailtbl
WHERE target = ? ');
$stmt->bindValue(1, $POST['target']);
$stmt->execute();

if ($row = $stmt->fetch())
{

echo '
<table class="emailResults">
<caption>
Email Activity for ', htmlspecialchars($POST['target']), '
</caption>
<thead>
<tr>
<th scope="col">Purpose</th>
<th scope="col">Username</th>
<th scope="col">Password</th>

<th scope="col">E-Mail Used</th>
<th scope="col">Last Used</th>
<th scope="col">visit count</th>
<th scope="col">time visited</th>

<th scope="col">Saved</th>
</tr>
</thead><tbody>';

do
{

echo '
<tr>';

foreach ($row as $value) echo '
<td>', $value, '</td>';

echo '
</tr>';
}
while ($row = $stmt->fetch());

echo '
</tbody></table>';

}
else echo '<div class="error">No Results Found</div>';

}
else echo '<div class="error">No valid "target" for Query</div>';

}
$stmt = $con->prepare('
UPDATE emailtbl
SET lastused = NOW(), visit-count = visit-count + 1,
time-visited = time-visited + 1
WHERE target = ? ');
$stmt->bindParam(s, $POST['target']);
$stmt->execute();
echo $stmt->error ? '
<div class="error">
Lastused update query error: ' . $stmt->error . '
</div>
' : ( $stmt->affected_rows > 0 ? '
<div class="success">
Success! Updated ' . $stmt->affected_rows . ' records.
</div>
' : '
<div class="error">
FAILED! No records updated.
<div>
');
?>

</body></html>

below is the result

', date('m/d/y'), ''; $con = new mysqli('localhost', 'root', 'cookie', 'homedb'); if ($con->connect_error) { echo 'Cannot Connect to mySQL: ', $con->connect_error(); } else { echo ' E-Mail Account:
'; } ?> connect_error) { echo 'Cannot Connect to mySQL: ', $con->connect_error(); } else { if (isset($POST['target'])) { $stmt = $con->prepare(' SELECT target, purpose, username, password, emailused, lastused, visit-count, time-visited, saved FROM emailtbl WHERE target = ? '); $stmt->bindValue(1, $POST['target']); $stmt->execute(); if ($row = $stmt->fetch()) { echo ' '; do { echo ' '; foreach ($row as $value) echo ' '; echo ' '; } while ($row = $stmt->fetch()); echo '
Email Activity for ', htmlspecialchars($POST['target']), ' Purpose Username Password E-Mail Used Last Used visit count time visited Saved
', $value, '
'; } else echo '
No Results Found
'; } else echo '
No valid "target" for Query
'; } $stmt = $con->prepare(' UPDATE emailtbl SET lastused = NOW(), visit-count = visit-count + 1, time-visited = time-visited + 1 WHERE target = ? '); $stmt->bindParam(s, $POST['target']); $stmt->execute(); echo $stmt->error ? '
Lastused update query error: ' . $stmt->error . '
' : ( $stmt->affected_rows > 0 ? '
Success! Updated ' . $stmt->affected_rows . ' records.
' : '
FAILED! No records updated.
'); ?>

NogDog · Nov 13, 2019

Please use [code]...[/code] tags around your code blocks, and preferably only include the code we really need to see (i.e. if you're trying to debug/enhance a piece of PHP code, we usually don't really need all the HTML around it and other distractions ).

dalecosp · Nov 13, 2019

Your code parses and runs OK, if a connection can be obtained. I don't think that MySQLI has a method named connect_error, though. [EDIT]: Aha! It doesn't ... it's a property instead, so change connect_error() to simply connect_error. See: https://www.php.net/manual/en/mysqli.connect-error.php

I'm not sure what else might be wrong? The OP isn't formatted too well ... sorry.

pbismad · Nov 13, 2019

Additionally, the OP's code contains a mismatch of PDO and mysqli bind statements, which should be producing runtime errors for non-existent methods.

If you are updating old code or writing new code, do yourself a favor and use the PDO database extension. It is much simpler than the mysqli extension.