0

Hi

I'm trying to re-do my code so that SELECT, INSERTS etc use prepared statements.....

But I'm having a problem

My original code which worked was:

if (isset($_POST['submit1'])) {
    // Grab the profile data from the POST
        $condo_nm = mysqli_real_escape_string($dbc, trim($_POST['condo_nm']));



// Make sure a review doesn't already exist for this Condo
      $query = "SELECT * FROM condo_reviews WHERE condo_nm = '$condo_nm'";
      $data = mysqli_query($dbc, $query);
      if (mysqli_num_rows($data) == 0) 
      {

          echo '<span class="agenttitle">Condo Overview: Available</span>';
      }
      else {
          echo '<span class="agenttitle">Condo Overview: Exists</span>';
      }
}

However when trying to put it into a prepared statement - I can not get the 'if' statement to work which then shows whether a condo is available or not:

THe code I've done so far is:

if (isset($_POST['submit1'])) {
    // Grab the profile data from the POST
        $condo_nm = mysqli_real_escape_string($dbc, trim($_POST['condo_nm']));



 // Connect to the database
     require_once ('myaccess/dbc.php');

      // $stmnt1 = $db->stmt_init();

    if ($stmnt1 = $dbc -> prepare("SELECT * FROM condo_reviews WHERE condo_nm = ?")) {

     $stmnt1->bind_param("s",$condo_nm);
     $stmnt1->execute();
     $stmnt1->close();

     if ('condo_nm' != $condo_nm) {


          echo '<span class="agenttitle">Condo Overview: Available</span>';
      }
      else {
          echo '<span class="agenttitle">Condo Overview: Exists</span>';
      }
}
}

I'm pretty sure it is this part that doens't work, but have just can't work out what to change it to:

if ('condo_nm' != $condo_nm) {

Any help would be great as I have quite a few of these to change sitewide..

Many thanks as always

3
Contributors
2
Replies
3
Views
5 Years
Discussion Span
Last Post by mamdouh ramadan
0

first of all, in comparision you should not put the string as the first compared object.. what i mean is you should write it like this.
if($var != 'string'){}
not
if('string' != $var){}

second, you should make a var_dump($condo_nm) to see what it actually has.

and you are comparing stmnt1 without initialize it ( it is commented) in line 10.

i hope i helped.....

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.