Reputation: 128
PHP - MySQLi Prepared Statements
$name = $_GET['user'];
if(isset($_GET['user']) && strlen($_GET['user'])>0) {
$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $db);
$stmt = $mysqli->prepare("SELECT username FROM users WHERE username=?");
$stmt->bind_param('s', $name);
$stmt->execute();
while($stmt->fetch()) {
if($stmt->num_rows == 0) {
header("Location: home?errormsg=notfound");
exit();
}
}
$stmt->store_result();
$stmt->close();
}
$mysqli->close();
So, the above code checks if $_GET['name'] exists in the database, and if it doesn't, to redirect to home?errormsg=notfound but it redirects the usernames which exists in the database to the link 'home?errormsg=notfound' as well. Can you suggest a way to solve this problem?
Upvotes: 2
Views: 1219
Answers (2)
Reputation: 3682
I have not tried this but maybe it helps.
You are calling $stmt->store_result(); after $stmt->num_rows
Please try moving $stmt->store_result(); before $stmt->num_rows
Example. you can see here
Upvotes: 0
Reputation: 2621
You have to call $stmt->store_result() before $stmt->num_rows.
And your $stmt->fetch() is not necessary, because you don't use the selected data.
If you call store_result() after num_rows it won't work.
Part of comment from manual page:
If you do not use mysqli_stmt_store_result( ), and immediatley call this function after executing a prepared statement, this function will usually return 0 as it has no way to know how many rows are in the result set as the result set is not saved in memory yet.
So your code should look like this:
$name = $_GET['user'];
if(isset($_GET['user']) && strlen($_GET['user'])>0) {
$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $db);
$stmt = $mysqli->prepare("SELECT username FROM users WHERE username=?");
$stmt->bind_param('s', $name);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows == 0) {
header("Location: home?errormsg=notfound");
exit();
}
$stmt->close();
}
$mysqli->close();
Upvotes: 3