|
PHP - Should Mysqli_stmt_bind_result Come After Mysqli_stmt_bind_execute ?
Php Folkies,
Look at this account activation script. It gets triggered when a new member clicks an account activation link he gets emailed.
<?php
//Required PHP Files.
include 'configurations_site.php'; //Required on all webpages of the site. Must include here too. Else, conn.php data would not be found. conn.php residing in site_configurations.php.
include 'header_site.php'; //Required on all webpages of the site.
include 'header_account.php'; //Required on all webpages of the account.
include 'sessions.php'; //Required on all webpages of the site.
?>
<?php
//Step 1: Check whether URL is in the GET method or not.
//Perform following actions if URL is not in the GET Method and does not contain user Email and Account Activation Code.
if(!isset($_GET["primary_website_email"],$_GET["account_activation_code"]) === TRUE)
{
//Give the User Alert that the Account Activation Link is Invalid.
echo "Invalid Account Activation Link! Try registering for an account if you do not already have one! <a href="\"register.php\">Register here!</a>"; </p>
exit();
}
else
{
//Step 2: Check User submitted details.
$primary_website_email = htmlspecialchars($_GET['primary_website_email']);
$account_activation_code = htmlspecialchars($_GET['account_activation_code']);
//2A. Check User Inputs against Mysql Database.
//Select Username, Primary Domain and Primary Domain Email to check against Mysql Database if they are pending registration or not.
$stmt = mysqli_prepare($conn, "SELECT username, account_activation_status FROM users WHERE primary_website_email = ? AND account_activation_code = ?");
mysqli_stmt_bind_param($stmt,'si',$primary_website_email,$account_activation_code);
mysqli_stmt_bind_result($stmt,$username,$account_activation_status);
//Perform the following if Account Activation Link was valid (the "Primary Website Email" and "Account Activation Code" match that were found via the GET Method).
if(mysqli_stmt_execute($stmt)) && mysqli_stmt_fetch($stmt))
{
//Perform the following if the "Account Activation Status is not found to be "0" (Account Activation Pending) on Mysql Database.
if($account_activation_status = 1)
{
//Give the User Alert that their Account is already active.
echo "Since you have already activated your account then why are you trying to activate it again ? Simply <a href="\"login.php\">log-in here</a>! ";
exit();
}
else
{
//Set Account Activation Status to 1 (1 = "Account Activated"; And 0 = "Activation Pending") on Tbl.
$account_activation_status = 1;
$stmt = mysqli_prepare($conn,"UPDATE users SET account_activation_status = ? WHERE username = ?");
mysqli_stmt_bind_param($stmt,'is',$account_activation_status,$username);
if(mysqli_stmt_execute($stmt))
{
//Give user Alert that their Account has now been Activated.
echo <h3 style='text-align:center'>Thank you for your confirming your email and activating your account. <br>
Redirecting you to your Home Page ...</h3>
$_SESSION["user"] = $username;
//Redirecting the newly Account Activated User to their Account Home Page by identifying the User by their Session Name (Username).
header("location:home.php");
}
}
}
else
{
//Perform following if Primary Website Email and/or Account Activation Code is not Pending Registration.
$primary_website_email = htmlspecialchars($_GET['primary_website_email']);
$account_activation_code = htmlspecialchars($_GET['account_activation_code']);
//Give the User Alert their Email and/or Account Activation Code in the Account Activation Link is Invalid or the Account Activation Link is out of date (Email no longer registered in the Tbl).
echo "Either this Email Address $primary_website_email was not pending registration with this Account Activation Code $account_activation_code or one or both of them are invalid!
Or, the Account Activation Link is out of date (Email no longer registered in the Tbl).
Try registering an account if you have not already done so! <a href=\"register.php\">Register here!</a>"; </p>
exit();
}
}
?>
Shall I change this:
//2A. Check User Inputs against Mysql Database.
//Select Username, Primary Domain and Primary Domain Email to check against Mysql Database if they are pending registration or not.
$stmt = mysqli_prepare($conn, "SELECT username, account_activation_status FROM users WHERE primary_website_email = ? AND account_activation_code = ?");
mysqli_stmt_bind_param($stmt,'si',$primary_website_email,$account_activation_code);
mysqli_stmt_bind_result($stmt,$username,$account_activation_status);
//Perform the following if Account Activation Link was valid (the "Primary Website Email" and "Account Activation Code" match that were found via the GET Method).
if(mysqli_stmt_execute($stmt)) && mysqli_stmt_fetch($stmt))
{
//Perform the following if the "Account Activation Status is not found to be "0" (Account Activation Pending) on Mysql Database.
if($account_activation_status = 1)
{
//Give the User Alert that their Account is already active.
echo "Since you have already activated your account then why are you trying to activate it again ? Simply <a href="\"login.php\">log-in here</a>! ";
exit();
}
to this where the mysqli_stmt_bind_result($stmt,$username,$account_activation_status) has been switched to a new spot:
//2A. Check User Inputs against Mysql Database.
//Select Username, Primary Domain and Primary Domain Email to check against Mysql Database if they are pending registration or not.
$stmt = mysqli_prepare($conn, "SELECT username, account_activation_status FROM users WHERE primary_website_email = ? AND account_activation_code = ?");
mysqli_stmt_bind_param($stmt,'si',$primary_website_email,$account_activation_code);
//Perform the following if Account Activation Link was valid (the "Primary Website Email" and "Account Activation Code" match that were found via the GET Method).
if(mysqli_stmt_execute($stmt)) && mysqli_stmt_fetch($stmt))
{
//Perform the following if the "Account Activation Status is not found to be "0" (Account Activation Pending) on Mysql Database.
mysqli_stmt_bind_result($stmt,$username,$account_activation_status);
if($account_activation_status = 1)
{
//Give the User Alert that their Account is already active.
echo "Since you have already activated your account then why are you trying to activate it again ? Simply <a href="\"login.php\">log-in here</a>! ";
exit();
}
Similar TutorialsHere is my code: Code: [Select] $sql = mysqli_prepare($cxn,'SELECT userId, salty, password FROM members WHERE userName=?'); mysqli_stmt_bind_param($sql,'s',$userName); mysqli_stmt_execute($sql); mysqli_stmt_bind_result($sql,$userId,$salty,$pass); echo $userName; echo $userId; echo $salty; echo $pass; What is happening is when I plug that query into the phpmyadmin, it pulls the data perfectly. But when I put it in my script and do the bind_result() function, it is getting a 0 userId and null salty and pass.... It acts like it's not grabbing any data. Am I doing this wrong or is the order I'm doing it wrong? Thanks for the help! Folks,
I managed to get this piece of code working. But I need you to check if it is buggy or in error or not. I will add VALIDATION later. Just let me know is this how you query db with mysqli_stmt_bind_result (prepared statement using procedural style) and display results on screen ? Don't worry about pagination. i will add that later. Just let me know if I got the basics correct or not to display results from db or not. That is all. Note my comments in CAPITALS. They are questions to which I need answers. conn.php
<?php
$db_server = 'localhost';
$db_user = 'root';
$db_password = '';
$db_database = 'test';
$conn = mysqli_connect("$db_server","$db_user","","$db_database");
//SHOULD I KEEP FOLLOWING 1 LINE INTACT HERE OR DUMP IT TO main file search.php ?
$conn->set_charset('utf8mb4');//Always use Charset.
//HOW TO CONVERT ABOVE LINE TPO PROCEDURAL ?
if (!$conn)
{
//HOW TO WRITE CODE SO FOLLOWING TECHNICAL ERROR IS WRITTEN TO ERROR FILE AND NOT SHOWN TO USER ?
//Error Message to show user in technical/development mode to see errors.
die("Database Error : " . mysqli_error($conn));
//Error Message to show User in Layman's mode to see errors.
die("Database error.");
exit();
}
?>
Q1. Do not forget to answer my question you see in CAPITALS in above code (conn.php). Check the search.php before replying.
error_reporting.php
<?php
ini_set('error_reporting','E_ALL');
ini_set('display_errors','1');
ini_set('display_startup_errors','1');
error_reporting(E_ALL);
//SHOULD I KEEP FOLLOWING 1 LINE INTACT HERE OR DUMP IT TO main file search.php ?
mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
?>
Q2. Do not forget to answer my question you see in CAPITALS in above code (error_reporting.php). Check the search.php before replying.
search.php
<?php
//include('error_reporting.php');
error_reporting(E_ALL);
ini_set('error_reporting',E_ALL);
ini_set('display_errors','1');
ini_set('display_startup_errors','1');
?>
<form name = "search" method = "POST" action="">
<label for="keywords">Keywords:*</label>
<input type="text" name="keywords" id="keywords" placeholder="Input Keywords" required>
<br>
<button type="submit">Submit</button><br>
<button type="submit" value="submit">Submit</button><br>
<input type="submit" value="submit"><br>
<button name=submit value=" ">Search</button><br>
<button type="submit" name="submit" value="submit">Search</button>
<br>
<input type="reset">
<br>
</form>
<?php
if($_SERVER['REQUEST_METHOD'] === 'POST')
{
if(ISSET($_POST['submit']))
{
if(ISSET($_POST['keywords']))
{
$keywords = $_POST['keywords'];
}
//SHOULD I KEEP FOLLOWING 1 LINE INTACT HERE OR DUMP IT TO error_reporting.php ?
mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
//SHOULD I KEEP FOLLOWING 5 LINES INTACT HERE OR DUMP IT TO conn.php ?
$conn = mysqli_connect("localhost","root","","test");
$conn->set_charset("utf8mb4");
if(mysqli_connect_error())
{
echo "Could not connect!" . mysqli_connect_error();
}
$query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE keywords = ?";
$stmt = mysqli_stmt_init($conn);
//FIRST ATTEMPT TO DISPLAY TBL RESULTS USING mysqli_stmt_bind_result() FUNCTION. TEST RESULT: ATTEMPT A FAILURE!
if(mysqli_stmt_prepare($stmt,$query))
{
mysqli_stmt_bind_param($stmt,'s',$keywords);
$stmt_execution = mysqli_stmt_execute($stmt);
if($stmt_execution === FALSE)
{
printf("Error: %s.\n", mysqli_stmt_error($stmt));
printf("Error: %d.\n", mysqli_stmt_errno($stmt));
die;
}
$bind_result = mysqli_stmt_bind_result($stmt,$page_url,$link_anchor_text,$page_description,$keyphrase,$keywords);
if($bind_result === FALSE)
{
printf("Error: %s.\n", mysqli_stmt_error($stmt));
printf("Error: %d.\n", mysqli_stmt_errno($stmt));
die;
}
$stmt_fetch = mysqli_stmt_fetch($stmt);
if($stmt_fetch === FALSE)
{
printf("Error: %s.\n", mysqli_stmt_error($stmt));
printf("Error: %d.\n", mysqli_stmt_errno($stmt));
die;
}
while(mysqli_stmt_fetch($stmt))
{
echo "$page_url"; echo "<br>";
echo "$link_anchor_text"; echo "<br>";
echo "$page_description"; echo "<br>";
echo "$keyphrase"; echo "<br>";
echo "$keywords"; echo "<br>";
echo "|";
echo "<br>";
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
else
{
die("QUERY failed!)";
}
Q3. Anything I should know ? Edited July 17, 2020 by 2020 |
|||||||