I have this code, and it works perfectly, but I want to make a simple modification:
<?php
session_start();
require 'includes/f_banco1.php';
require '../PasswordHash.php';

function checkBd($sql, $db, $user, $codePass) {
    $user = $_GET['userid']; //here
    $codePass = $_GET['code'];//here
    if (is_numeric($user)) {
        // Prepared statement: both values are bound as parameters
        $sql = $db->prepare("select userid, code from password_reset where userid=? and code=?");
        $sql->bind_param('ss', $user, $codePass);
        $sql->execute();
        $sql->bind_result($user, $codePass);
        if ($sql->fetch()) {
            $_SESSION['u_name'] = sha1($user);
            header("location: updatePass.php");
            return true;
        } else {
            echo "Não existe na BD";
            return false;
        }
    } else {
        echo "Erro";
    }
}
checkBd($sql, $db, $user, $codePass);
?>
I want to change these lines:
$user = $_GET['userid']; //here
$codePass = $_GET['code'];//here
to
$user = mysqli_real_escape_string($db, $_GET['userid']);
$codePass = mysqli_real_escape_string($db, $_GET['code']);
but with this change the code simply stops working; an echo of $user doesn't show anything.
Any idea?
Thanks
You do not need to do that. You are using prepared statements, which escape the variables automatically.
If you prepare your statement, you don't need to escape your string.
Note: Your database connection must be opened to use mysqli_real_escape_string()
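What the answers describe, as an added example that is not part of the original posts: a value bound to a prepared statement is treated as data, and escaping it first changes the value that gets compared. It assumes the pdo_sqlite extension and uses PDO with an in-memory SQLite database and addslashes() as stand-ins for the page's mysqli connection and mysqli_real_escape_string(), so it runs without a MySQL server; the function name resetRowExists and the sample row are constructed.

```php
<?php
// Added example. PDO + in-memory SQLite stand in for the page's mysqli/MySQL
// setup (assumption); the table mirrors the page's password_reset query.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE password_reset (userid TEXT, code TEXT)");
// Constructed sample row: the stored code contains a single quote.
$db->exec("INSERT INTO password_reset VALUES ('42', 'it''s-a-code')");

// Hypothetical helper doing the same lookup as checkBd():
// both values are bound as parameters, never concatenated into the SQL.
function resetRowExists(PDO $db, string $user, string $code): bool {
    if (!is_numeric($user)) {
        return false;
    }
    $stmt = $db->prepare(
        "SELECT 1 FROM password_reset WHERE userid = ? AND code = ?"
    );
    $stmt->execute([$user, $code]);
    return $stmt->fetchColumn() !== false;
}

$code = "it's-a-code";

// 1. Bound as-is: the quote is part of the data and the row matches.
echo "bound as-is:        ";
var_dump(resetRowExists($db, '42', $code));

// 2. Escaped first, then bound: the added backslash becomes part of the
//    value, so it no longer equals the stored code. addslashes() stands in
//    for mysqli_real_escape_string(), which needs an open MySQL connection.
echo "escaped then bound: ";
var_dump(resetRowExists($db, '42', addslashes($code)));

// 3. Input containing SQL syntax is only compared as a string when bound;
//    it cannot change the WHERE clause, so no row matches.
echo "SQL syntax in code: ";
var_dump(resetRowExists($db, '42', "x' OR '1'='1"));
```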