
I'm looking to convert this code to use prepared statements if possible, but am open to suggestions.

function list_owner_notes(){
    $id = $this->id;
    // the owner id is interpolated straight into the SQL text
    $sql = "SELECT nid, title FROM notes JOIN hubs ON notes.hub_url=hubs.hub_url WHERE owner = '$id'";
    $result = mysql_query($sql) or die(mysql_error());
    $notes = array();

    for($i=0; $row = mysql_fetch_array($result, MYSQL_ASSOC); $i++){
        $notes[$i]=$row;
    }
    return $notes;
}

Here's what I've got, but I'm not sure if it will work:

function list_owner_notes() {
    $id = $this->id;
    $notes = array();

    // Assumes $this->db holds an open mysqli connection (the post's $dbs was never
    // defined, and $$stmt was a typo for $stmt). Identifiers are quoted with
    // backticks, not single quotes: 'nid' in SQL is the string literal "nid",
    // so the original SELECT would have returned the words nid and title, not
    // the column values.
    $stmt = $this->db->stmt_init();
    if ($stmt->prepare("SELECT `nid`, `title` FROM `notes` JOIN `hubs` ON `notes`.`hub_url` = `hubs`.`hub_url` WHERE `owner` = ?")) {
        // the bound value is sent separately from the SQL text, so it is never parsed as SQL
        $stmt->bind_param('i', $id);
        $stmt->execute();
        $stmt->bind_result($nid, $title);

        while ($stmt->fetch()) {
            // copy the values: bind_result reuses $nid and $title on every fetch,
            // and array(nid, title) without $ or quotes referred to undefined constants
            $notes[] = array('nid' => $nid, 'title' => $title);
        }
        // close before returning; a statement after return is never reached
        $stmt->close();
    } else {
        // mysql_error() belongs to the old mysql extension, not to mysqli
        die($this->db->error);
    }
    // return the variable $notes, not the bare word notes
    return $notes;
}

Any help or suggestions would be greatly appreciated; basically I'm trying to sanitize data input before making a query.

Edited by Ezzaral: Added code tags. Please use them to format any code that you post.

2 contributors, 1 reply, discussion span 7 years. Last post by nileshgr.

Use PDO. It makes life easier: everything integrated in one place and a simple API. I shifted from mysql/mysqli to PDO-mysql.
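As an added example (not code from either poster), here is the list_owner_notes() query from the question written the way the reply suggests, with PDO prepared statements. It runs against an in-memory SQLite database so it can be tried offline; it assumes the pdo_sqlite extension and PHP 7.4 or later. The schema and rows are constructed for illustration, and the table layout notes(nid, title, hub_url) and hubs(hub_url, owner) is inferred from the original query. The last call shows why the parameter binding matters: the value that would have rewritten the original string-built query is compared as plain data and matches no owner.

```php
<?php
// Added example, not from the original thread: list_owner_notes() with PDO.
// Assumed schema: notes(nid, title, hub_url) and hubs(hub_url, owner).

class NoteRepository
{
    private PDO $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    // Returns rows of the form ['nid' => ..., 'title' => ...] for one owner,
    // matching what the original function returned.
    public function listOwnerNotes($ownerId): array
    {
        $sql = 'SELECT notes.nid, notes.title
                  FROM notes
                  JOIN hubs ON notes.hub_url = hubs.hub_url
                 WHERE hubs.owner = :owner';
        $stmt = $this->db->prepare($sql);
        // The value travels separately from the SQL text, so quotes or
        // keywords inside $ownerId are never parsed as part of the query.
        $stmt->bindValue(':owner', $ownerId);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

function buildSampleDatabase(): PDO
{
    // Constructed in-memory database so the example runs without a server.
    $db = new PDO('sqlite::memory:');
    // Raise exceptions instead of silently returning false on errors.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Let the database engine parse the placeholder itself; SQLite always
    // does, but this setting is what makes it true for pdo_mysql as well.
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

    $db->exec('CREATE TABLE hubs (hub_url TEXT PRIMARY KEY, owner INTEGER)');
    $db->exec('CREATE TABLE notes (nid INTEGER PRIMARY KEY, title TEXT, hub_url TEXT)');
    // Constructed sample rows: owner 1 has two notes, owner 2 has one.
    $db->exec("INSERT INTO hubs VALUES ('hub-a', 1), ('hub-b', 2)");
    $db->exec("INSERT INTO notes VALUES (10, 'first note', 'hub-a'),
                                        (11, 'second note', 'hub-a'),
                                        (12, 'other owner', 'hub-b')");
    return $db;
}

$repo = new NoteRepository(buildSampleDatabase());

// Normal use: only the notes belonging to owner 1.
print_r($repo->listOwnerNotes(1));

// The input that would have changed the meaning of the original
// string-interpolated WHERE clause is here just a string compared against
// the owner column, so it selects nothing.
print_r($repo->listOwnerNotes("1' OR '1'='1"));
```

Two design points carry over to a real MySQL connection: keep PDO::ATTR_ERRMODE set to exceptions so a failed prepare is not silently ignored, and turn off emulated prepares so the server, not the PHP driver, handles the placeholder substitution.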
