Hi Every Body
I am facing problem in retreving the data from my mysql table I want to use prepared statement with mysqli for security reason. Here is my code Please give a guidance -
<?php
$host="localhost"; // Host name
$username="**********"; // Mysql username
$password="**********"; // Mysql password
$db_name="**********"; // Database name
$tbl_name1="**********"; // tem Table name
$tbl_name2="**********"; // registered user table
$mysqli = new mysqli($localhost, $username, $password, $db_name);
if ($mysqli->connect_errno)
{
echo "Connection Failed: " . mysqli_connect_errno();
exit();
}
$count=null;
$passkey=$_GET['passkey'];
echo $passkey; // exact passkey printed
if($stmt = $mysqli -> prepare("SELECT * FROM $tbl_name1 WHERE confirm_code=?"))
{
$stmt -> bind_param("s", $passkey);
$stmt -> execute();
$stmt->store_result();
$count=$stmt->num_rows;
echo "\n".$count; // getting the value 1 which is correct
if($count==1)
{
while($rows = $stmt->fetch_assoc())
{
$v_fname=$rows['temp_first_name'];
$v_lname=$rows['temp_last_name'];
$v_sex=$rows['temp_sex'];
$v_phone=$rows['temp_phone'];
$v_city=$rows['temp_state'];
$v_state=$rows['temp_city'];
$v_pin=$rows['temp_pin'];
$v_schoolname=$rows['temp_school_name'];
$v_class=$rows['temp_class'];
$v_subject=$rows['temp_computer_subject'];
$v_board=$rows['temp_board'];
$v_session=$rows['temp_session'];
$v_email=$rows['temp_email'];
$password=$rows['temp_password'];
$v_salt=$rows['temp_salt'];
if (!($insert_stmt = $mysqli->prepare("INSERT INTO $tbl_name2 (first_name,last_name,sex,phone,state,city,pin,school_name,class,computer_subject,board, session,email,password,salt) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)")))
{
echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
if(!$insert_stmt->bind_param('sssiiisssssssss',$v_fname,$v_lname,$v_sex,$v_phone,$v_city,$v_state,$v_pin, $v_schoolname,$v_class,$v_subject,$v_board,$v_session,$v_email, $password,$v_salt))
{
echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
if(!$insert_stmt->execute())
{
echo "Execute failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
else
{
//echo "Data saved properly";
$flag=1;
if($flag==1)
{
echo "<body bgcolor='#FFFF99'>";
echo "<p align='center'><font color='#008000' size='6' face='Verdana'>";
echo "Congratulation...!! </font>";
echo "</br>";
echo "<font color='e80005' size='5'>Your account has been activated</font>";
if ($stmt = $mysqli->prepare("DELETE FROM $tbl_name1 WHERE confirm_code = ? LIMIT 1"))
{
$stmt->bind_param("s",$passkey);
$stmt->execute();
}
}
}
}
}
}
else
{
echo "Select Failed: (" . $mysqli->errno . ") " . $mysqli->error;
echo "<body bgcolor='#FFFF99'>";
echo "<p align='center'><font color='#e80005' size='6' face='Verdana'>";
echo "SORRY...! </font>";
echo "</br>";
echo "<font color='#e80005' size='5'>Your Confirmation code is not correct</font>";
}
$stmt->close();
?>