
I don't know why this query won't return a value because when I copy the "echoed" portion into phpmyadmin I do get a record returning:

echo $_GET["cname"];

// Query template
$sql =  'SELECT C.cid FROM `Contact` C WHERE C.email="'.$_GET["cname"].'"';
echo $sql;

// Prepare statement
$stmt = $conn->prepare($sql);

$stmt->execute();
$stmt->bind_result( $res_cid);

echo $res_cid;

$res_cid is apparently 0, but I don't know why because when I paste that query manually into phpmyadmin I do get a value... So why doesn't it return anything?

  • Can you try to remove the quotes near contact? And I don't know what you plan to do, but your code is totally insecure; you'd better use bindparam with PDO. Commented Jul 15, 2015 at 21:55
  • Your script is at risk for SQL Injection Attacks. Commented Jul 15, 2015 at 21:56
  • I agree with @ThomasP1988 . Putting user input directly into the query string defeats the purpose of prepared statement. Commented Jul 15, 2015 at 21:58
  • Guys, this is a project for one of my classes, so I am not concerned with security because once my application works then it is never used again. Commented Jul 15, 2015 at 22:00
  • So you're taking a class, but not interested in learning the proper way to program? Why are you taking the class then? Commented Jul 15, 2015 at 22:14

1 Answer

As already mentioned in the comments, you should make sure your code is secured. You'd better use bindparam for that.

As for your question - after you execute your query and bind_result you should also fetch to get the actual value from the database, based on your query:

// Prepare statement
$stmt = $conn->prepare($sql);

$stmt->execute();
$stmt->bind_result( $res_cid);

// Fetch to get the actual result
$stmt->fetch();
echo $res_cid;
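
The two points raised on this page (bind the input instead of concatenating it, and call fetch() after bind_result()) combined in one mysqli lookup. This is an added example, not code from the question or the answer; the connection details and the function name find_contact_id are assumptions, while the Contact table and its cid and email columns come from the question.

```php
<?php
// Added example. Assumptions: host, user, password and schema name below are
// placeholders; table and column names are taken from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of failing silently

/**
 * Return the cid for an email address, or null when no row matches.
 * find_contact_id is a hypothetical helper name.
 */
function find_contact_id(mysqli $conn, string $email): ?int
{
    // The ? placeholder keeps the request value out of the SQL text entirely.
    $stmt = $conn->prepare('SELECT C.cid FROM `Contact` C WHERE C.email = ?');
    $stmt->bind_param('s', $email);   // 's' = bind as string
    $stmt->execute();
    $stmt->bind_result($cid);         // only names the output variable

    // fetch() is the call that copies a row into $cid:
    // true = row fetched, null = no (more) rows.
    $found = $stmt->fetch();
    $stmt->close();

    return $found === true ? (int) $cid : null;
}

$conn = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholder credentials
$conn->set_charset('utf8mb4');

$email = $_GET['cname'] ?? '';
if (!is_string($email) || $email === '') { // ?cname[]=x would arrive as an array
    http_response_code(400);
    exit('Missing cname parameter');
}

$cid = find_contact_id($conn, $email);

// Escape on output: the value came from the request.
echo $cid === null
    ? 'No contact found for ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8')
    : 'cid = ' . $cid;
```

Returning null for "no row" keeps that case distinct from a cid that is unset because fetch() was never called, which is the symptom described in the question.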