Asked  1 Year ago    Answers:  5   Viewed   19 times

I have this code, and works perfectly, but i want to make a simple modification

    <?php session_start();
require 'includes/f_banco1.php';
require '../PasswordHash.php';


function checkBd($sql, $db, $user, $codePass) {
    $user = $_GET['userid']; //here
    $codePass = $_GET['code'];//here

    if(is_numeric($user)) {

        ($sql = $db->prepare("select userid, code from password_reset where userid=? and code=?"));

        $sql->bind_param('ss', $user, $codePass);

        $sql->execute();

        $sql->bind_result($user, $codePass);

        if ($sql->fetch()) {
            $_SESSION['u_name']= sha1($user);
            header("location: updatePass.php");
            return true;
        }
        else
        echo "Não existe na BD";
        return false;

    }
    else
    echo "Erro";

}

checkBd ($sql, $db, $user, $codePass);

?>

i want to change these lines

$user = $_GET['userid']; //here
$codePass = $_GET['code'];//here

to

    $user = mysqli_real_escape_string($db, $_GET['userid']);
$codePass = mysqli_real_escape_string($db, $_GET['code']);

but with this change the code simple stops work, an echo of $user doesn't show nothing

any idea?

thanks

 Answers

5

You do not need to do that. You are using prepared statements, which escape the variables automatically.

Thursday, April 1, 2021
 
laurent
 
3

You are passing an array of elements ($passArray). The second item inside the passed array needs to be a reference, since that is really the list of items you are passing to the function.

Thursday, April 1, 2021
 
Gilko
 
4

Assign the second statement to new variable so it wouldn't override the first variable and cause the "all data must be fetched.." error.

if ($stmt = $this->mysqli->prepare("SELECT entry, author, time FROM messages WHERE user = ?")) {
        $stmt->bind_param("s", $user_name);
        $stmt->execute();
        $stmt->bind_result($entry, $author, $time);

        while ($stmt->fetch()) {             
            if ($st = $this->mysqli->prepare("SELECT photo_id FROM photos WHERE user = ?")) {
                $st->bind_param("s", $author);
                $st->execute();   
                $st->bind_result($photo_id); 
            }
            //echo $photo_id;
            $st->close();
        }    
    $stmt->close();
}
Thursday, April 1, 2021
 
4
<?php
$sql = new mysqli('127.0.0.1','root','Qwert12345','plot_io_db');
//echo $sql->query('Select * From players');
?>

It will work. Just remove port from localhost (127.0.0.1)

Friday, May 28, 2021
 
Sidarta
 
5

mysqli_connect("","username" ,"password","databasename");//Server name cannot be NULL

use loaclhost for server name(In Loacl)

<?php
    $con = mysqli_connect("localhost","username" ,"password","databasename");

    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }
?>

Or can use MySQLi Procedural

<?php
    $servername = "localhost";
    $username = "username";
    $password = "password";

    // Create connection
    $con = mysqli_connect($servername, $username, $password);

    // Check connection
    if (!$con) {
        die("Connection failed: " . mysqli_connect_error());
    }
    echo "Connected successfully";
?>

EDIT 01

$servername = "localhost";
$username = "root";
$password = "";
Saturday, June 26, 2021
 
Zulakis
 
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :