Wanda Marston
asked on
Should I change any of this mysqli code to a prepared statement?
Changing code from mysqli to prepared statement.
<?php
// Check if the form has been submitted:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if ($_POST['sure'] == 'Yes') { // Deactivate the record.
        // Make the database query:
        $q = "UPDATE `users` SET `active` = '0', date_modified=NOW() WHERE id={$_SESSION['user_id']}";
        $r = @mysqli_query ($db, $q);
        if (mysqli_affected_rows($db) == 1) { // If it ran OK.
        }
        $q = "UPDATE `notices` SET `active` = '0' WHERE users_id={$_SESSION['user_id']}";
        $r = @mysqli_query ($db, $q);
        if (mysqli_affected_rows($db) == 1) { // If it ran OK.
        }
        echo '<p><h3a>Your membership has been deactivated.</h3a></p>';
        //include('Deactivated.html'); // Include the HTML footer
        //exit(); // Stop the page.
    } else { // If the query did not run OK.
        echo '<p class="error">The user could not be deleted due to a system error.</p>';
    }
} else { // Show the form.
    // Retrieve the user's information:
    $q = "SELECT CONCAT(username, ', ', email) FROM users WHERE id={$_SESSION['user_id']}";
    $r = @mysqli_query ($db, $q);
    if (mysqli_num_rows($r) == 1) { // Valid user ID, show the form.
        // Get the user's information:
        $row = mysqli_fetch_array ($r, MYSQLI_NUM);
        echo "<p><h2>Are you sure you want to deactivate your account?</h2></p>";
        // Create the form:
        echo '<p><form action="CancelRenewTBR.php" method="post">
        <input type="radio" name="sure" value="Yes" /> Yes
        <input type="radio" name="sure" value="No" checked="checked" /> No</p><br />
        <button class="button" style="vertical-align:left"><span>Submit →</span></button>
        <input type="hidden" name="id" value="' . $_SESSION['user_id'] . '" />
        </form>';
    } else { // Not a valid user ID.
        echo '<p class="error">This page has been accessed in error.</p><br />';
    }
}//end of conditional
mysqli_close($db);
?>
SOLUTION
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
As usual your comments are very helpful. I believe in my past questions and posts that some experts have given me some PDO code as well as the PDO code for connecting to the database. I just have to figure out where my older questions are located in my Experts Exchange account.
Hey Wanda,
This should get you going with a PDO connection:
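<?php
// Placeholder credentials and database name: replace with your own.
$username = 'yourUsername';
$password = 'yourPassword';
$dsn = 'mysql:host=localhost;dbname=yourDatabase;charset=utf8mb4';
$options = [
    // Use native (server-side) prepared statements instead of PDO's emulation.
    PDO::ATTR_EMULATE_PREPARES => false,
    // Throw a PDOException when a database call fails.
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    // Return rows as objects by default.
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_OBJ,
];
try {
    $db = new PDO($dsn, $username, $password, $options);
} catch(PDOException $e) {
    // Stop the script and print the connection error message.
    die( $e->getMessage() );
}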
ASKER
I suppose I can find the information I need to figure out the prepared statements, on the PHP.net website.
Are you saying that this whole area is an empty block?
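The three queries from the question rewritten as PDO prepared statements, as an added example that is not part of the original thread. The helper names, the sample row and the in-memory SQLite database are assumptions made so the script runs offline; against MySQL the $db connection from the answer above takes its place, and CURRENT_TIMESTAMP stands in for NOW().

```php
<?php
// Added example, not code from the thread. Constructed stand-in data: an
// in-memory SQLite database replaces the MySQL connection so this runs offline.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, active INTEGER DEFAULT 1, date_modified TEXT)");
$db->exec("CREATE TABLE notices (id INTEGER PRIMARY KEY, users_id INTEGER, active INTEGER DEFAULT 1)");
$db->exec("INSERT INTO users (id, username, email) VALUES (7, 'wanda', 'wanda@example.test')");
$db->exec("INSERT INTO notices (users_id) VALUES (7), (7)");

// Hypothetical helper: deactivate one account and its notices as a single unit.
function deactivateAccount(PDO $db, int $userId): bool
{
    $db->beginTransaction();
    try {
        // The id travels as a bound parameter, never as part of the SQL text.
        $u = $db->prepare('UPDATE users SET active = 0, date_modified = CURRENT_TIMESTAMP WHERE id = :id');
        $u->execute([':id' => $userId]);
        if ($u->rowCount() !== 1) { // No matching user: undo and report failure.
            $db->rollBack();
            return false;
        }
        // A user can have zero or many notices, so the row count is not tested here.
        $n = $db->prepare('UPDATE notices SET active = 0 WHERE users_id = :id');
        $n->execute([':id' => $userId]);
        $db->commit();
        return true;
    } catch (PDOException $e) {
        $db->rollBack(); // Neither table is left half-updated.
        throw $e;
    }
}

// Hypothetical helper: the SELECT that feeds the confirmation form.
function fetchUserLabel(PDO $db, int $userId): ?string
{
    $s = $db->prepare('SELECT username, email FROM users WHERE id = :id');
    $s->execute([':id' => $userId]);
    $row = $s->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] . ', ' . $row['email'] : null;
}

$userId = 7; // Stands in for (int) $_SESSION['user_id'].
echo htmlspecialchars(fetchUserLabel($db, $userId)), PHP_EOL; // Escape before output.
var_dump(deactivateAccount($db, $userId)); // Existing user.
var_dump(deactivateAccount($db, 999));     // Unknown id: rolled back.
```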