is this piece of code correct syntax wise ?
I need to update some fields in a certain row in my database which i can access using email ... so is this right ?
public function storeData($emaill, $servicee, $ratee, $rated_clientss) {
$email = "samy@gmail.com";
$service = "lksdjfsdkljf";
$rate = "good";
$rated_clients = "20";
$stmt = $this->conn->prepare ( "UPDATE users SET service='$service' and SET rate='$rate' and SET rated_clients='$rated_clients' WHERE email='$email'" );
var_dump($stmt->execute ());
if ($stmt->execute ()) {
$data = $stmt->get_result ()->fetch_assoc ();
$stmt->close ();
return $data;
} else {
return NULL;
}
}
Prepared statments to not directly accept user input, instead, you need to pass them as a placeholder: ?
, and then use bind_param()
to fill in the type and the variable.
Observe:
$stmt = $this->conn->prepare ( "UPDATE users SET service=? and SET rate=? and SET rated_clients=? WHERE email=?" );
$stmt->bind_param('ssss', $service, $rate, $rated_clients, $email);
Now you can correctly ->execute
the $stmt
.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.