[RESOLVED] mysqli_stmt_bind

@NogDogFeb 12.2014 — #Probably need to see the actual code, but it sounds like maybe it's a problem with the first parameter not being a valid mysqli statement identifier (i.e. what is returned by a successful call to mysqli_statement_init() or mysqli_prepare()). If so, you may need to check what that function is returning and if false, add some debug code to figure out why it's failing.

@Dragonfire2008authorFeb 12.2014 — #I get this mysqli error back

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '://www.google.com WHERE id = 20' at line 4

As you can see, it's to do with the "http://" part, I have submitted relative links just fine with ease, does it have something to do with the mysqli_stmt_bind_param? because that's the line it points to.

@NogDogFeb 12.2014 — #Again, need to see the actual code where that SQL is defined and then used in a prepare function, though it looks like you may have an unquoted string literal in the query?

@Dragonfire2008authorFeb 15.2014 — #UPDATE: I checked the POST variables, nothing wrong there.

Here is my form code...

[code=php]
 <?php
 if($_POST['submit']){
 
   $error_message = "";
   $display_message = "";
 
   $error = NULL;
 
   $id = mysqli_prep($_POST['id']);
 
   $image = $_FILES['thumbnail'];
 
   if($image['error'] != 0){
   if($image['error'] == 4){ // no file selected
   $menu_name = mysqli_prep($_POST['title']);
   $group = mysqli_prep($_POST['group']);
   $link = mysqli_prep($_POST['link']);
   $sql = "UPDATE admin_categories SET 
   menu_name = $menu_name,
   group = $group,
   link = $link
   WHERE id = $id";
   $stmt = mysqli_stmt_init($connect);
   mysqli_stmt_prepare($stmt, $sql);
   mysqli_stmt_bind_param($stmt, 'sssi', $menu_name, $group, $link, $id);
   if(mysqli_stmt_execute($stmt)){
   // Success!
   $display_message = "<h6 class="displaymessage">Admin category updated successfully!</h6>n";
   }else{
   // Failed!
   $display_message = "<h6 class="displaymessage">Admin category update failed.</h6>n";
   $display_message = "<h6 class="displaymessage">".mysqli_error($connect)."</h6>n";
   }
   mysqli_stmt_close($stmt);
   } else {
   $error = "File could not be uploaded. Please try again.n";
   // Not correct form enctype?
   }
   }
 
   if(!$error){
   if(!@is_uploaded_file($image['tmp_name'])){
   $error = 'The process cannot continue. Please contact administration.';
   // Malicious user?
   }
   }
 
   if(!$error){
   $allowedMime = array('image/png');
   if(!in_array($image['type'], $allowedMime)){
   $error = 'You can upload only PNG images. Please try again.';
   // Unaccepted file type
   }
   }
 
   if(!$error){
   $allowedExtensions = array('png');
   $fileExtension = array_pop(explode('.', $image['name']));
   if(!in_array($fileExtension, $allowedExtensions)){
   $error = 'You can upload only PNG files. Please try again.';
   // Unaccepted file extension
   }
   }
 
   if(!$error){
   $uploadDirectory = ADMIN.'_images/dir/';
   $uploadName = $image['name'];
   // uploadDirectory must be set as absolute path or as relative path to upload.php
 
   // check if image already exists, if it does, delete it
   if(file_exists($uploadDirectory.$uploadName)) unlink($uploadDirectory.$uploadName);
 
   if(!@move_uploaded_file($image['tmp_name'], $uploadDirectory.$uploadName)){
   $error = 'There was a problem storing the file. Please contact webmaster.';
   // Permission denied to write into folder or hardware issues?
   }
   }
 
   if(!$error){
   $menu_name = mysqli_prep($_POST['title']);
   $group = mysqli_prep($_POST['group']);
   $link = mysqli_prep($_POST['link']);
   $imagen = mysqli_prep($_FILES['thumbnail']['name']);
   $sql = "UPDATE admin_categories SET 
   menu_name = $menu_name,
   group = $group,
   link = $link,
   image = $imagen
   WHERE id = $id";
   $stmt = mysqli_stmt_init($connect);
   mysqli_stmt_prepare($stmt, $sql);
   mysqli_stmt_bind_param($stmt, 'ssssi', $menu_name, $group, $link, $imagen, $id);
   if(mysqli_stmt_execute($stmt)){
   // Success!
   $display_message = "<h6 class="displaymessage">Admin category updated successfully!</h6>n";
   }else{
   // Failed!
   $display_message = "<h6 class="displaymessage">Admin category update failed.</h6>n";
   $display_message = "<h6 class="displaymessage">".mysqli_error($connect)."</h6>n";
   }
   mysqli_stmt_close($stmt);
   }
   if($error) $error_message .= $error."n";
  }
 ?>
 [/code]

...and my mysqli_prep function code...

[code=php]
 function mysqli_prep($value){
 global $connect;
 $magic_quotes_active = get_magic_quotes_gpc();
 $new_enough_php = function_exists("mysqli_real_escape_string");
 if($value == "")
 if($new_enough_php){ // PHP v4.3.0 or higher
 // undo any magic quote effects so mysqli_real_escape_string can do the work
 if($magic_quotes_active){
 $value = stripslashes($value);
 } 
 $value = mysqli_real_escape_string($connect, $value);
 } else { // before PHP 4.3.0
 // if magic quotes aren't already on then add slahses manually
 if(!$magic_quotes_active){
 $value = addslashes($value);
 }
 // if magic quotes are active, then the slashes already exist
 }
 return $value;
 }
 [/code]

UPDATE2: Well I don't know how I missed that screw up (sql query did not have any ?'s), working good now.

[RESOLVED] mysqli_stmt_bind_param with URLs

4 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

[RESOLVED] mysqli_stmt_bind_param with URLs

4 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

4 Comments(s) _↴

Also in #PHP _↴