geomo

Reputation: 141

Are all these steps necessary with a prepared statement?

Are all these steps correct and necessary?

store_result() and bind_result() together?

<?php
if (isset($_SESSION['userID'])) {
    $userID = $_SESSION['userID'];
    $stmt = $mysqli->prepare(
        "SELECT usergroup, firstname FROM tbl_users WHERE userID = ? ");
    $stmt->bind_param('i', $userID);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($usergroup, $firstname);
    $stmt->fetch();
    $_SESSION['usergroup'] = $usergroup;
    $_SESSION['firstname'] = $firstname;
    $stmt->close();
}
?>

Upvotes: 0

Views: 79

Answers (1)

Your Common Sense

Reputation: 157839

Yes.

But a programmer can always write a function to wrap all this code in, and call it in one line:

<?php
if (isset($_SESSION['userID'])) {
    $sql = "SELECT usergroup, firstname FROM tbl_users WHERE userID = ?";
    $_SESSION['user'] = $db->getRow($sql, $_SESSION['userID']);
}   

However, I have to admit that writing a function based on mysqli requires extraordinary skill, which renders it practically unrealizable for most SO users. So, better switch to PDO, as it requires three times less code to handle a prepared statement than mysqli:

<?php
if (isset($_SESSION['userID'])) {
    $stm = $pdo->prepare("SELECT usergroup, firstname FROM tbl_users WHERE userID = ?");
    $stm->execute(array($_SESSION['userID']));
    $_SESSION['user'] = $stm->fetch();
}   

Upvotes: 2
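
One way to build the one-line `getRow()` wrapper the answer describes, on top of PDO, as an added example (not code from the question or the answer). `getRow()` here is a hypothetical standalone function, an in-memory SQLite database stands in for MySQL so the script runs offline, and the table rows are constructed sample data. It also handles the case where no row matches, so empty values are never copied into the session.

```php
<?php
declare(strict_types=1);

// Added example: SQLite in memory stands in for the MySQL database so the
// script runs offline. Table layout and rows are constructed sample data.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // fail loudly
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,       // named columns only
]);
$pdo->exec('CREATE TABLE tbl_users (
    userID INTEGER PRIMARY KEY, usergroup TEXT, firstname TEXT)');
$pdo->exec("INSERT INTO tbl_users VALUES (1, 'admin', 'Ada'), (2, 'user', 'Bob')");

/**
 * Hypothetical helper: run one parameterised query and return the first
 * row as an associative array, or null when nothing matched.
 */
function getRow(PDO $pdo, string $sql, ...$params): ?array
{
    $stm = $pdo->prepare($sql);
    $stm->execute($params);   // values travel separately from the SQL text
    $row = $stm->fetch();
    $stm->closeCursor();
    return $row === false ? null : $row;
}

$sql = 'SELECT usergroup, firstname FROM tbl_users WHERE userID = ?';

// Constructed inputs: an existing id, a missing id, and a string that would
// change the query if it were concatenated into the SQL instead of bound.
// Bound as a parameter it is only ever compared as a value.
foreach ([1, 99, '1 OR 1=1'] as $userID) {
    $row = getRow($pdo, $sql, $userID);
    if ($row === null) {
        // No such user: do not copy empty values into the session.
        echo var_export($userID, true), " => no row\n";
        continue;
    }
    echo var_export($userID, true), ' => ', json_encode($row), "\n";
}
```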
