iwato Posted January 27, 2018

BACKGROUND: I am in the process of writing a class that will match and update rows in a MySQL database. The field that contains the values against which a match is to be discovered must be indefinite. The values that it can contain are either 0 or 1 as defined by an ENUM field type. I know both the desired field and value before the matching routine commences. I want the UPDATE routine to set the value of the field to its opposite: 0 => 1 or 1 => 0.

CURRENT STATE OF THE CODE:

    <?php
    class VeriFirm {
        private $mysqli_obj;
        private $username;
        private $email;
        private $hash;
        private $action = 0;
        private $field;
        private $tbl_name = 'captive_roster';
        public $link = 'admin@grammarcaptive.com';
        public $subject = 'Grammar%20Captive%20-%20Verify%20and%20Confirm%20User%20Action';
        public $msg_mismatch = "Sorry, " . $this->username . ", but no matching entry in the Grammar Captive database was found. Please try again! If the problem persists, contact the Grammar Captive <a class='link_style' href='" . create_link() . "' title='Grammar Captive Online Administrator' target='_top'>webmaster</a> and expect a reply in response to your additional effort!";
        public $msg_success = "Congratulations, " . $this->username . ", your desired action was successfully processed. No further action is required on your part.";
        public $msg_failure = "Sorry, " . $this->username . ", but Grammar Captive was unable to process your desired action. It appears that your account status has already been reset. If the problem persists, please contact the Grammar Captive <a class='link_style' href='" . create_link() . "' title='Grammar Captive Online Administrator' target='_top'>webmaster</a> and expect a reply in response to your additional effort!";

        function __construct($mysqli_obj, $_GET, $field) {
            $this->mysqli_obj = $mysqli_obj;
            $this->field = $field;
            if((isset($_GET['username']) && !empty($_GET['username'])) AND (isset($_GET['email']) && !empty($_GET['email'])) AND (isset($_GET['hash']) && !empty($_GET['hash']))){
                $this->$username = $mysqli_obj->real_escape_string($_GET['name']);;
                $this->$email = $mysqli_obj->real_escape_string($_GET['email']);
                $this->$hash = $mysqli_obj->real_escape_string($_GET['hash']);
                $this->$action = $mysqli_obj->real_escape_string($_GET['action']);
            }
        }
        function create_link() {
            return $mailto = "mailto:" . $this->link . "?Subject=" . $this->subject;
        }
        function match_data() {
            $sql_select = "SELECT user_name, email_address, hash, " . $this->field . " FROM " . $this->tbl_name . " WHERE user_name=? AND email_address=? AND hash=? AND " . $this->field . "=" . $this->action;
            $mysqli_stmt = $this->mysqli_obj->stmt_init();
            $mysqli_stmt->prepare($sql_select);
            $mysqli_stmt->bind_param("ssss", $this->username, $this->email, $this->hash, $this->field);
            $mysqli_stmt->execute();
            $mysqli_result = $mysqli_stmt->get_result();
            $match = mysqli_num_rows($mysqli_result);
            if($match > 0){
                update_record();
            } else {
                return $msg_mismatch;
            }
        }
        function update_record() {
            if ($this->action == 0) {
                $sql_update = "UPDATE " . $this->tbl_name . " SET " . $this->field . "='1' WHERE user_name=? AND email_address=? AND hash=? AND ". $this->field . "=0";
                $mysqli_stmt->prepare($sql_update);
                $mysqli_stmt->bind_param("sss", $this->username, $this->email, $this->hash);
                if ($mysqli_stmt->execute()) {
                    return $msg_success;
                } else {
                    return $msg_failure;
                }
            } else if ($this->action == 1) {
                $sql_update = "UPDATE " . $this->tbl_name . " SET " . $this->field . "='0' WHERE user_name=? AND email_address=? AND hash=? AND ". $this->field . "=1";
                $mysqli_stmt->prepare($sql_update);
                $mysqli_stmt->bind_param("sss", $this->username, $this->email, $this->hash);
                if ($mysqli_stmt->execute()) {
                    return $msg_success;
                } else {
                    return $msg_failure;
                }
            }
        function get_link_and_subject() {
            return $this->link . ' and ' . $this->subject;
        }
        function set_link_and_subject($link, $subject) {
            $this->link = $link;
            $this->subject = $subject;
        }
        function get_tablename() {
            return $this->tbl_name;
        }
        function set_tablename($tbl_name) {
            $this->tbl_name = $tbl_name;
        }
        function get_msg_mismatch() {
            return $this->msg_mismatch;
        }
        function set_msg_mismatch($msg_mismatch) {
            $this->msg_mismatch = $msg_mismatch;
        }
        function get_msg_success() {
            return $this->msg_success;
        }
        function set_msg_success($msg_success) {
            $this->msg_success = $msg_success;
        }
        function get_msg_failure() {
            return $this->msg_failure;
        }
        function set_msg_failure($msg_failure) {
            $this->msg_failure = $msg_failure;
        }
    }
    ?>

I am primarily concerned about the following:

    if((isset($_GET['username']) && !empty($_GET['username'])) AND (isset($_GET['email']) && !empty($_GET['email'])) AND (isset($_GET['hash']) && !empty($_GET['hash']))){...}

Is this a proper use of the $_GET superglobal, or would a $_POST or $_REQUEST superglobal be more appropriate? I am concerned about making users' private information public. This said, all communication with the Grammar Captive website is now available to TLS/SSL protocol -- namely, the https:// prefix.

    $sql_select = "SELECT user_name, email_address, hash, " . $this->field . " FROM " . $this->tbl_name . " WHERE user_name=? AND email_address=? AND hash=? AND " . $this->field . "=" . $this->action;

Is this statement properly specified? I am concerned about the placement of the quotation marks and the ability of the mysqli_stmt object to read properly the intended SQL statement.

    $mysqli_stmt = $this->mysqli_obj->stmt_init();

Is this proper use of the -> operator in the construction of a PHP Class?

    $sql_update = "UPDATE " . $this->tbl_name . " SET " . $this->field . "='1' WHERE user_name=? AND email_address=? AND hash=? AND ". $this->field . "=0";

Is this statement properly described? Once again, my focus is on the use of quotation marks to define the statement.

    update_record()

Is this the most efficient way to achieve the desired goal -- namely, to toggle the value of action between 0 and 1 depending on an initially assumed value of $this->field?

Roddy

iwato Posted January 27, 2018

In particular, I am receiving a parse error in line 16 when the above code is run as

    $field = 'newsletter';
    require_once('./_utilities/php/classes/class.lunarpages.php');
    require_once('./_utilities/php/classes/class.verifirm.php');
    $lunarpages = new Lunarpages();
    $mysqli_obj = $lunarpages->get_mysqli_obj();
    $verifirm = new VeriFirm($mysqli_obj, $_GET, $field);
    echo $verifirm->match_data();

Quote
Parse error: parse error, expecting `','' or `';'' in /Users/kiusau/Sites/grammarcaptive.com/_utilities/php/classes/class.verifirm.php on line 16

Line 16:

    public $msg_mismatch = "Sorry, " . $this->username . ", but no matching entry in the Grammar Captive database was found. Please try again! If the problem persists, contact the Grammar Captive <a class='link_style' href='" . create_link() . "' title='Grammar Captive Online Administrator' target='_top'>webmaster</a> and expect a reply in response to your additional effort!";

iwato Posted January 27, 2018

OK. I have managed to remove all of the error messages generated by PHP. I have also checked the various stages of the mysqli_stmt object for errors. There are none. Still, I am unable to generate matches where matches should be clearly present.

    public function match_data() {
        $sql_select = "SELECT user_name, email_address, hash, " . $this->field . " FROM " . $this->tbl_name . " WHERE user_name=? AND email_address=? AND hash=? AND " . $this->field . "=" . $this->action;
        $mysqli_stmt = $this->mysqli_obj->stmt_init();
        $mysqli_stmt->prepare($sql_select);
        $mysqli_stmt->bind_param("sss", $this->username, $this->email, $this->hash);
        $mysqli_stmt->execute();
        $mysqli_result = $mysqli_stmt->get_result();
        $match = mysqli_num_rows($mysqli_result);
        if($match > 0){
            update_record();
        } else {
            return $this->msg_mismatch;
        }
    }

What is returned?

Quote
Sorry, 橋守岩人, but no matching entry in the Grammar Captive database was found. Please try again! If the problem persists, contact the Grammar Captive webmaster and expect a prompt reply in response to your additional effort!

For what it is worth, these are the mysqli_stmt and mysqli_result objects just prior to the match attempt.

    mysqli_stmt Object
    (
        [affected_rows] => 0
        [insert_id] => 0
        [num_rows] => 0
        [param_count] => 3
        [field_count] => 4
        [errno] => 0
        [error] =>
        [error_list] => Array
            (
            )
        [sqlstate] => 00000
        [id] => 1
    )
    mysqli_result Object
    (
        [current_field] => 0
        [field_count] => 4
        [lengths] =>
        [num_rows] => 0
        [type] => 0
    )

Alas, woe is me.

Roddy

Edited January 27, 2018 by iwato

iwato Posted January 27, 2018

Is anyone there?

Roddy

Don E Posted January 28, 2018

Have you tried printing the stmt and result objects after the match attempt to see for errors?

Also not sure if this may be the issue but I don't think you need to call the first line below because when calling 'prepare' it returns a stmt object for you.

    $mysqli_stmt = $this->mysqli_obj->stmt_init();
    $mysqli_stmt->prepare($sql_select);

So instead try:

    $mysqli_stmt = $this->mysqli_obj->prepare($sql_select);

Also noticed:

    $match = mysqli_num_rows($mysqli_result);

Looks like calling procedural function calling attempt? Instead for number of rows, try:

    $mysqli_stmt->num_rows

Use in the if condition instead of $match > 0.

Also noticed and just to note, when calling a function from another function within the same object, use $this->update_record(); instead of just update_record();

Good luck! I'm sure some of the others will be here to assist as well!

Edited January 28, 2018 by Don E

iwato Posted January 28, 2018

Thank you for your reply. I tried all of your suggestions, but to no avail. The result was forever the same. No match and no error except in the first instance where your suggested change from

    $mysqli_stmt = $this->mysqli_obj->stmt_init();
    $mysqli_stmt->prepare($sql_select);

to

    $mysqli_stmt = $this->mysqli_obj->prepare($sql_select);

results in code failure.

I should state that I have used similar code in a functional rather than class context, and it worked fine. Truly, I am baffled.

Roddy

iwato Posted January 28, 2018

I have just uploaded the relevant files and trigger page to the Grammar Captive Website in an effort to provide better insight. Click on the submit button under the form field entitled Online Change Subscription Status, and you can reproduce results identical to my own. A match should result when the action field is set to 1.

If you like, you can even send yourself a copy of the newsletter. Then scroll down to where it says subscribe and unsubscribe and view the relevant links. This will be my first application of the VeriFirm class, if I can get it to work.

Roddy

Edited January 28, 2018 by iwato

iwato Posted January 28, 2018

Finally, this is a copy of the script that produces the above observed results.

    <?php
    /************************************************************************
    Change of Subscription Status - Trial Document
    ************************************************************************/
    $setValue1 = ini_set('display_errors', 1);
    $setValue2 = ini_set('display_startup_errors', 1);
    error_reporting(E_ALL);
    $get = $_GET;
    $field = 'newsletter';
    require_once('./_utilities/php/classes/class.lunarpages.php');
    require_once('./_utilities/php/classes/class.verifirm.php');
    $lunarpages = new Lunarpages();
    $mysqli_obj = $lunarpages->get_mysqli_obj();
    $verifirm = new VeriFirm($mysqli_obj, $get, $field);
    $verifirm->set_msg_mismatch("Sorry, " . $_GET['username'] . ", but no matching entry in the Grammar Captive database was found. Please try again! If the problem persists, contact the Grammar Captive <a class=" . "'link_style'" . "href='" . $verifirm->create_link() . "'" . "title='Grammar Captive Online Administrator' target='_top'>webmaster</a> and expect a prompt reply in response to your additional effort!");
    $verifirm->set_msg_success("Congratulations, " . $_GET['username'] . ", your desired action was successfully processed. No further action is required on your part.");
    $verifirm->set_msg_failure("Sorry, " . $_GET['username'] . ", but Grammar Captive was unable to process your desired action. It appears that your account status has already been reset. If the problem persists, please contact the Grammar Captive <a class='link_style' href='" . $verifirm->create_link() . "' title='Grammar Captive Online Administrator' target='_top'>webmaster</a> and expect a prompt reply in response to your additional effort!");
    echo $verifirm->match_data();
    ?>

Roddy

Don E Posted January 28, 2018

In the function construct, one of the parameters is the super global $_GET. After doing some testing just to be certain, you cannot re-assign values to it. This is the error I got while testing:

    Fatal error: Cannot re-assign auto-global variable _GET in /Applications/MAMP/htdocs/testing/classTest.php on line 12

Did you see this error? I noticed the super global $_GET earlier in the construct but dismissed/overlooked it.

iwato Posted January 28, 2018

Yes, I noticed that as well and changed the argument of the constructor function to $get and assigned $_GET to $get before the class is invoked. This is the revised version of the VeriFirm class.

    <?php
    class VeriFirm {
        private $mysqli_obj;
        private $username;
        private $email;
        private $hash;
        public $action = 0;
        private $field;
        private $tbl_name = 'captive_roster';
        public $admin = 'admin@grammarcaptive.com';
        public $subject = 'Grammar%20Captive%20-%20Verify%20and%20Confirm%20User%20Action';
        public $msg_mismatch;
        public $msg_success;
        public $msg_failure;

        public function __construct($mysqli_obj, $get, $field) {
            $this->mysqli_obj = $mysqli_obj;
            $this->field = $field;
            if((isset($get['username']) && !empty($get['username'])) AND (isset($get['email']) && !empty($get['email'])) AND (isset($get['hash']) && !empty($get['hash']))){
                $this->username = $mysqli_obj->real_escape_string($get['username']);;
                $this->email = $mysqli_obj->real_escape_string($get['email']);
                $this->hash = $mysqli_obj->real_escape_string($get['hash']);
                $this->action = $mysqli_obj->real_escape_string($get['action']);
            }
        }
        public function create_link() {
            return $mailto = "mailto:" . $this->admin . "?Subject=" . $this->subject;
        }
        public function match_data() {
            $sql_select = "SELECT user_name, email_address, hash, " . $this->field . " FROM " . $this->tbl_name . " WHERE user_name=? AND email_address=? AND hash=? AND " . $this->field . "=" . $this->action;
            $mysqli_stmt = $this->mysqli_obj->stmt_init();
            $mysqli_stmt->prepare($sql_select);
            $mysqli_stmt->bind_param("sss", $this->username, $this->email, $this->hash);
            $mysqli_stmt->execute();
            $mysqli_result = $mysqli_stmt->get_result();
            // $match = mysqli_num_rows($mysqli_result);
            // if($match > 0){
            if($mysqli_stmt->num_rows > 0){
                $this->update_record();
            } else {
                return $this->msg_mismatch;
            }
        }
        private function update_record() {
            if ($this->action == 0) {
                $sql_update = "UPDATE " . $this->tbl_name . " SET " . $this->field . "='1' WHERE user_name=? AND email_address=? AND hash=? AND ". $this->field . "=0";
                $mysqli_stmt->prepare($sql_update);
                $mysqli_stmt->bind_param("sss", $this->username, $this->email, $this->hash);
                if ($mysqli_stmt->execute()) {
                    return $this->msg_success;
                } else {
                    return $this->msg_failure;
                }
            } else if ($this->action == 1) {
                $sql_update = "UPDATE " . $this->tbl_name . " SET " . $this->field . "='0' WHERE user_name=? AND email_address=? AND hash=? AND ". $this->field . "=1";
                $mysqli_stmt->prepare($sql_update);
                $mysqli_stmt->bind_param("sss", $this->username, $this->email, $this->hash);
                if ($mysqli_stmt->execute()) {
                    return $this->msg_success;
                } else {
                    return $this->msg_failure;
                }
            }
        }
        public function get_admin_and_subject() {
            return $this->admin . " and " . $this->subject;
        }
        public function set_admin_and_subject($admin, $subject) {
            $this->admin = $admin;
            $this->subject = $subject;
        }
        public function get_tablename() {
            return $this->tbl_name;
        }
        public function set_tablename($tbl_name) {
            $this->tbl_name = $tbl_name;
        }
        public function get_msg_mismatch() {
            return $this->msg_mismatch;
        }
        public function set_msg_mismatch($msg_mismatch) {
            $this->msg_mismatch = $msg_mismatch;
        }
        public function get_msg_success() {
            return $this->msg_success;
        }
        public function set_msg_success($msg_success) {
            $this->msg_success = $msg_success;
        }
        public function get_msg_failure() {
            return $this->msg_failure;
        }
        public function set_msg_failure($msg_failure) {
            $this->msg_failure = $msg_failure;
        }
    }
    ?>

justsomeguy Posted January 29, 2018

Quote
Yes, I noticed that as well and changed the argument of the constructor function to $get and assigned $_GET to $get before the class is invoked.

There's literally no reason to do that. You don't have to pass it as a parameter, it's called a "superglobal" for a reason. If you want to pass a parameter telling it whether or not to check in $_GET that's one thing, but there's no reason to copy the data and pass that.

Also, there's no reason to use both isset and empty - the description for empty says it will only return true if the variable is set and is not empty. In other words, calling empty includes an implicit call to isset.

iwato Posted January 29, 2018

Less the discussion about the use of the empty() and isset() functions, are you suggesting the following rewrite of the constructor function?

    public function __construct($mysqli_obj, $field) {
        $this->mysqli_obj = $mysqli_obj;
        $this->field = $field;
        if((isset($get['username']) && !empty($_GET['username'])) AND (isset($_GET['email']) && !empty($_GET['email'])) AND (isset($_GET['hash']) && !empty($_GET['hash']))){
            $this->username = $mysqli_obj->real_escape_string($get['username']);;
            $this->email = $mysqli_obj->real_escape_string($get['email']);
            $this->hash = $mysqli_obj->real_escape_string($get['hash']);
            $this->action = $mysqli_obj->real_escape_string($get['action']);
        }
    }

In any case, I cannot imagine this to be the source of my difficulty, as both ways appear to achieve the same end.

Roddy

iwato Posted January 29, 2018

JSG: Click on the trigger file with the field value -- namely, $this->action -- set to Inactive, rather than 0 and read the error messages that result. Now, look carefully at the following statement and tell me whether you see anything afoul.

    $sql_select = "SELECT user_name, email_address, hash, " . $this->field . " FROM " . $this->tbl_name . " WHERE user_name=? AND email_address=? AND hash=? AND " . $this->field . "=" . $this->action;

Thanks,

Roddy

Edited January 29, 2018 by iwato

iwato Posted January 30, 2018

These are lines 40, 41, and 42, as well as 45 of the error code.

    $mysqli_stmt->bind_param("sss", $this->username, $this->email, $this->hash);
    $mysqli_stmt->execute();
    $mysqli_result = $mysqli_stmt->get_result();
    if($mysqli_stmt->num_rows > 0){

Don E Posted January 30, 2018

Hey iwato, are you sure your column names are exactly like in your query?

Also something to try, probably makes no difference but since you're calling get_result after execute, instead try to see if you have any num_rows with $mysqli_result->num_rows (get_result should return a result set on successful query) instead of $mysqli_stmt->num_rows.

Edited January 30, 2018 by Don E

iwato Posted January 30, 2018

OK. This is the table structure as read by phpMyAdmin of my ISP. Could the problem be that I have two primary keys (*)

| # | Name | Type | Collation | Attributes | Null | Default | Comments | Extra |
|---|------|------|-----------|------------|------|---------|----------|-------|
| 1 | obs * | int(11) | | | No | None | | AUTO_INCREMENT |
| 2 | user_name | varchar(20) | utf8_bin | | No | None | | |
| 3 | language | varchar(225) | utf8_general_ci | | No | None | | |
| 4 | email_address | varchar(60) | ascii_general_ci | | No | None | | |
| 5 | given_name | varchar(30) | utf8_general_ci | | Yes | NULL | | |
| 6 | family_name | varchar(30) | utf8_general_ci | | Yes | NULL | | |
| 7 | subscription_date * | timestamp | | | No | CURRENT_TIMESTAMP | | |
| 8 | hash | varchar(225) | ascii_bin | | No | None | | |
| 9 | active | enum('0', '1') | utf8_unicode_ci | | No | 0 | 0=Inactive, 1=Active | |
| 10 | modification_date | timestamp | | on update CURRENT_TIMESTAMP | No | CURRENT_TIMESTAMP | | ON UPDATE CURRENT_TIMESTAMP |
| 11 | newsletter | enum('0', '1') | utf8_unicode_ci | | No | 0 | 0=Inactive, 1=Active | |
| 12 | webinar | enum('0', '1') | utf8_unicode_ci | | No | 0 | 0=Inactive, 1=Active | |

justsomeguy Posted January 30, 2018

Quote
In any case, I cannot imagine this to be the source of my difficulty, as both ways appear to achieve the same end.

Then that should be a great hint that changing $_GET to a passed parameter will not solve your problem, and in fact isn't necessary at all.

Your first error message is probably due to prepare failing, but you're not checking for errors with that and just trying to bind params. If you want to use mysqli, most of those methods will indicate failure that you need to individually check for.

iwato Posted January 30, 2018

I believe that I have found the source of my dilemma. This said, I still do not know how to overcome it.

The LIKELY SOURCE: Can anyone say which of the following is more likely to work and explain why? One works and the other does not. The one that does not returns the following error message:

    Undefined variable: OiW8qXsUU1r0uwC9irE2TeHbMTEhYPqS in ...

    $sql_select = 'SELECT user_name, email_address, hash, newsletter FROM captive_roster WHERE user_name = "橋守岩人" AND hash = "$2y$10$OiW8qXsUU1r0uwC9irE2TeHbMTEhYPqS/Muy8c/YEXYqT0F6CVvoO"';

    $sql_select = "SELECT user_name, email_address, hash, newsletter FROM captive_roster WHERE user_name = '橋守岩人' AND hash = '$2y$10$OiW8qXsUU1r0uwC9irE2TeHbMTEhYPqS/Muy8c/YEXYqT0F6CVvoO'";

I believe to know the answer, but would like to hear it from you first.

Roddy

dsonesuk Posted January 30, 2018

You may have two problems

1) Use double quotes to surround SQL, single quote for text string within double quotes.

2) HASH is a keyword that has significance in SQL https://dev.mysql.com/doc/refman/5.5/en/keywords.html you might want to use backticks for that column name, so no conflict occurs.

justsomeguy Posted January 30, 2018

This is also another reason to use prepared statements. In your second example, since you are using a double-quoted string, PHP sees $OiW8q... as being a variable and trying to substitute the value. That's why you use prepared statements, so things like that don't happen.

iwato Posted January 30, 2018

1) Surprise! It is just the opposite. It is the second case that produces the error message, not the first. I suspect that the nature of the hash tag is the source of the problem, for its value is not what appears in the error message. The true value is "$2y$10$OiW8qXsUU1r0uwC9irE2TeHbMTEhYPqS/Muy8c/YEXYqT0F6CVvoO". Notice what is returned and not returned: $2y$10$ (no) + OiW8qXsUU1r0uwC9irE2TeHbMTEhYPqS (yes) + /Muy8c/YEXYqT0F6CVvoO (no). The first case returns "$2y$10$OiW8qXsUU1r0uwC9irE2TeHbMTEhYPqS/Muy8c/YEXYqT0F6CVvoO". I suspect that mysqli is treating the value as a variable name.

2) Yes, this was to be my next step. In fact, I had already opened the page before your entry. At this stage of the game I prefer to change the column name. There are still a few files that I need to upgrade to prepared statements, anyway, and all of them make use of the same hash field.

Once again, many thanks!

iwato Posted January 30, 2018

Quote
5 minutes ago, justsomeguy said: This is also another reason to use prepared statements. In your second example, since you are using a double-quoted string, PHP sees $OiW8q... as being a variable and trying to substitute the value. That's why you use prepared statements, so things like that don't happen.

So, are you saying that my prepared statements are what caught the error, and for this I should be thankful? If so, hooray, hooray!

By the way, are the prepared statements also rejecting the forward slash. For, I can eliminate the symbol from my hash generator?

Roddy

Edited January 30, 2018 by iwato

justsomeguy Posted January 30, 2018

Quote
It is the second case that produces the error message, not the first.

I know, that's what I said. That's the double-quoted string, that's where PHP is trying to do variable replacement.

Quote
I suspect that mysqli is treating the value as a variable name.

It has nothing to do with MySQL. That error message comes from PHP, not MySQL. If you printed out that SQL query you would see this:

    SELECT user_name, email_address, hash, newsletter FROM captive_roster WHERE user_name = '橋守岩人' AND hash = '$2y$10/Muy8c/YEXYqT0F6CVvoO'

Notice something missing? That's because you're telling PHP that you have a string that contains a variable, and PHP is replacing the value of the variable. But that variable doesn't exist, hence the error message, so it gets replaced with an empty string.

Quote
So, are you saying that my prepared statements are what caught the error, and for this I should be thankful?

That's exactly the opposite of what I'm telling you, language expert.
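
An added example, not code from any poster in this thread: one way to do the match-and-toggle with every value bound as a parameter, the column name checked against an allow-list, and mysqli failures raised as exceptions, which addresses both the unchecked prepare() mentioned earlier and the double-quoted hash string explained in the post above. The helper name toggle_flag(), the connection details and the e-mail address are assumptions; the table and column names are taken from the table structure posted in the thread.

```php
<?php
// Added example; toggle_flag() is a hypothetical helper, not part of VeriFirm.

// Make mysqli throw mysqli_sql_exception instead of returning false, so a
// failed prepare() or execute() cannot be silently ignored.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Identifiers cannot be bound as parameters, so the column name is checked
// against a fixed allow-list before it is concatenated into the SQL text.
const TOGGLE_COLUMNS = ['active', 'newsletter', 'webinar'];

/**
 * Flip an ENUM('0','1') column for the row matching user, e-mail and hash.
 * Returns true if exactly one row was changed, false if nothing matched.
 */
function toggle_flag(mysqli $db, string $column, string $user, string $email,
                     string $hash, string $current): bool
{
    if (!in_array($column, TOGGLE_COLUMNS, true)) {
        throw new InvalidArgumentException("Column not allowed: $column");
    }
    if ($current !== '0' && $current !== '1') {
        throw new InvalidArgumentException('Current value must be "0" or "1"');
    }
    $new = ($current === '0') ? '1' : '0';

    // Every value is a bound parameter. The ENUM values are bound as strings:
    // MySQL compares an ENUM with a number by index, not by label, so an
    // unquoted "newsletter=1" tests for the first label ('0'), not for '1'.
    $sql = "UPDATE captive_roster SET `$column` = ?
            WHERE user_name = ? AND email_address = ? AND `hash` = ? AND `$column` = ?";

    $stmt = $db->prepare($sql);
    $stmt->bind_param('sssss', $new, $user, $email, $hash, $current);
    $stmt->execute();
    $changed = $stmt->affected_rows;   // rows actually updated by this statement
    $stmt->close();

    return $changed === 1;
}

// Constructed sample input standing in for the request parameters. The hash is
// a single-quoted literal: inside double quotes PHP would try to expand
// $OiW8q... as a variable and silently drop that part of the value.
$query = [
    'username' => '橋守岩人',
    'email'    => 'user@example.com',   // constructed address
    'hash'     => '$2y$10$OiW8qXsUU1r0uwC9irE2TeHbMTEhYPqS/Muy8c/YEXYqT0F6CVvoO',
    'action'   => '1',
];

try {
    // Connection details are placeholders.
    $db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
    $db->set_charset('utf8mb4');
    $ok = toggle_flag($db, 'newsletter', $query['username'], $query['email'],
                      $query['hash'], $query['action']);
    echo $ok ? "Status changed.\n" : "No matching entry.\n";
} catch (mysqli_sql_exception $e) {
    // Log the database error server-side; show the user a generic message.
    error_log($e->getMessage());
    echo "The request could not be processed.\n";
}
```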

justsomeguy Posted January 30, 2018

OK, I'm the idiot, I read your reply as "caused the error", not "caught the error". It doesn't look like you're using prepared statements though.

iwato Posted January 30, 2018

    public function match_data() {
        $sql_select = "SELECT user_name, email_address, hash, " . $this->field . " FROM " . $this->tbl_name . " WHERE user_name=? AND email_address=? AND hash=? AND " . $this->field . "=" . $this->action;
        $mysqli_stmt = $this->mysqli_obj->stmt_init();
        $mysqli_stmt->prepare($sql_select);
        $mysqli_stmt->bind_param("sss", $this->username, $this->email, $this->hash);
        $mysqli_stmt->execute();
        $mysqli_result = $mysqli_stmt->get_result();
        // $match = mysqli_num_rows($mysqli_result);
        // if($match > 0){
        if($mysqli_stmt->num_rows > 0){
            $this->update_record();
        } else {
            return $this->msg_mismatch;
        }
    }

These past two weeks have been really bad for me. First the flu and then bacterial bronchitis. The result was extreme fatigue and physical discomfort. Never in my life have I been so plagued by the common cold. January 2018 will live in infamy in my personal history.

Roddy