Hi

I'm trying to re-do my code so that SELECT, INSERTS etc use prepared statements.....

But I'm having a problem

My original code which worked was:

if (isset($_POST['submit1'])) {
    // Grab the profile data from the POST
        $condo_nm = mysqli_real_escape_string($dbc, trim($_POST['condo_nm']));



// Make sure a review doesn't already exist for this Condo
      $query = "SELECT * FROM condo_reviews WHERE condo_nm = '$condo_nm'";
      $data = mysqli_query($dbc, $query);
      if (mysqli_num_rows($data) == 0) 
      {

          echo '<span class="agenttitle">Condo Overview: Available</span>';
      }
      else {
          echo '<span class="agenttitle">Condo Overview: Exists</span>';
      }
}

However when trying to put it into a prepared statement - I can not get the 'if' statement to work which then shows whether a condo is available or not:

THe code I've done so far is:

if (isset($_POST['submit1'])) {
    // Grab the profile data from the POST
        $condo_nm = mysqli_real_escape_string($dbc, trim($_POST['condo_nm']));



 // Connect to the database
     require_once ('myaccess/dbc.php');

      // $stmnt1 = $db->stmt_init();

    if ($stmnt1 = $dbc -> prepare("SELECT * FROM condo_reviews WHERE condo_nm = ?")) {

     $stmnt1->bind_param("s",$condo_nm);
     $stmnt1->execute();
     $stmnt1->close();

     if ('condo_nm' != $condo_nm) {


          echo '<span class="agenttitle">Condo Overview: Available</span>';
      }
      else {
          echo '<span class="agenttitle">Condo Overview: Exists</span>';
      }
}
}

I'm pretty sure it is this part that doens't work, but have just can't work out what to change it to:

if ('condo_nm' != $condo_nm) {

Any help would be great as I have quite a few of these to change sitewide..

Many thanks as always

See the example here. You need to fetch the result, before you close the statement.

first of all, in comparision you should not put the string as the first compared object.. what i mean is you should write it like this.
if($var != 'string'){}
not
if('string' != $var){}

second, you should make a var_dump($condo_nm) to see what it actually has.

and you are comparing stmnt1 without initialize it ( it is commented) in line 10.

i hope i helped.....

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.