Hi
I'm trying to re-do my code so that SELECT, INSERTS etc use prepared statements.....
But I'm having a problem
My original code which worked was:
if (isset($_POST['submit1'])) {
// Grab the profile data from the POST
$condo_nm = mysqli_real_escape_string($dbc, trim($_POST['condo_nm']));
// Make sure a review doesn't already exist for this Condo
$query = "SELECT * FROM condo_reviews WHERE condo_nm = '$condo_nm'";
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 0)
{
echo '<span class="agenttitle">Condo Overview: Available</span>';
}
else {
echo '<span class="agenttitle">Condo Overview: Exists</span>';
}
}
However when trying to put it into a prepared statement - I can not get the 'if' statement to work which then shows whether a condo is available or not:
THe code I've done so far is:
if (isset($_POST['submit1'])) {
// Grab the profile data from the POST
$condo_nm = mysqli_real_escape_string($dbc, trim($_POST['condo_nm']));
// Connect to the database
require_once ('myaccess/dbc.php');
// $stmnt1 = $db->stmt_init();
if ($stmnt1 = $dbc -> prepare("SELECT * FROM condo_reviews WHERE condo_nm = ?")) {
$stmnt1->bind_param("s",$condo_nm);
$stmnt1->execute();
$stmnt1->close();
if ('condo_nm' != $condo_nm) {
echo '<span class="agenttitle">Condo Overview: Available</span>';
}
else {
echo '<span class="agenttitle">Condo Overview: Exists</span>';
}
}
}
I'm pretty sure it is this part that doens't work, but have just can't work out what to change it to:
if ('condo_nm' != $condo_nm) {
Any help would be great as I have quite a few of these to change sitewide..
Many thanks as always
