Category : prepared-statement

Using prepared statements in MySQL you have to use a parameter only once. Coding like the example below will invoke "SQLSTATE[HY093]: Invalid parameter number": $enigma = 'ThisIsTheSecretEncryptionKey'; $data = [ 'name' => $name, 'first_name' => $first_name, 'gender' => $gender, 'birthdate' => $birthdate, 'email' => $email, 'profession' => $profession, 'enigma' => $enigma ]; $sql = "INSERT ..


$_POST['data'] contains an id and other fields that need to be inserted in a DB row with this id. Is there a way to avoid redundancy in this code: $data = json_decode($_POST['data'], true); $db = new PDO('sqlite:data.db'); $stmt = $db->prepare("UPDATE test SET a=?, b=?, c=?, d=?, e=?, f=? WHERE id=?"); $stmt->execute(array($data['a'], $data['b'], $data['c'], $data['d'], $data['e'], ..


This is the profile page code: <?php session_start(); require 'functions.php'; ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="home-style.css"> <title>test</title> </head> <body> <section> <div class="head"> <div class="logo"> <img src="logo/logo.jpg" class="img" alt="logo"> </div> <div class="info"> <h1> <?php echo $row['username']; ?> </h1> </div> </div> </section> </body> </html> And ..
