hi can someone check this section up for me as im getting a error from it after converting to mysqli
Fatal error: Call to a member function query() on a non-object in /home/matureco/public_html/config/db_connect.php on line 67
// find total message per user
if(! function_exists(unReadMsgCount) )
{
function unReadMsgCount($id)
{
return $conn->query("select * from messages where rece_id='".$id."' and readflage = 0 and status=1")->num_rows;
}
}
ty jan x
Jump to PostSyntax for
mysqli_query().PS: Again, it seems that you don't listen to someone's suggestion about SQL injection. You don't prepare query but rather directly use it in database query...
Where is $conn instantiated?
from here hun
<?php
session_start();
include("config_global.php");
$conn = new mysqli(DBHOST,DBUSER,DBPASS,DBNAME) or die($mysqli->error);
$row = $conn->query("select * from settings where id = '1' ")->fetch_array();
$site_name = trim(stripslashes($row['site_name']));
$email = trim($row['email']);
$keyword = trim(stripslashes($row['keyword']));
$description= trim(stripslashes($row['description']));
$logo = trim($row['logo']);
$copyright = trim(stripslashes($row['copyright']));
$favicon = trim($row['favicon']);
$paypal_email = trim($row['paypal_email']);
Yes, I think we've been here before. SQL Injection, trimming post-select instead of pre-insert.
Also use a 'LIMIT 1' clause in the SQL to stop MySQL from searching the rest of the table once it has found a hit.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.