Page 226 - PHP Novice to Ninja

Hello,
Why is a prepared statement used for the first SELECT, but not for the second SELECT?

Thank you

if (isset($_POST['action']) and $_POST['action'] == 'Edit')
{
    include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';

    // The joke id arrives from the submitted form, so it is passed as a
    // bound parameter rather than being pasted into the SQL string.
    try
    {
        $sql = 'SELECT id, joketext, authorid FROM joke WHERE id = :id';
        $s = $pdo->prepare($sql);
        $s->bindValue(':id', $_POST['id']);
        $s->execute();
    }
    catch (PDOException $e)
    {
        $error = 'Error fetching joke details.';
        include 'error.html.php';
        exit();
    }

    $row = $s->fetch();
    $pageTitle = 'Edit Joke';
    $action = 'editform';
    $text = $row['joketext'];
    $authorid = $row['authorid'];
    $id = $row['id'];
    $button = 'Update joke';

    // Build the list of authors. This SQL is a fixed string containing no
    // values from outside the script, so a plain query() is used.
    try
    {
        $result = $pdo->query('SELECT id, name FROM author');
    }
    catch (PDOException $e)
    {
        $error = 'Error fetching list of authors.';
        include 'error.html.php';
        exit();
    }

    $authors = array(); // start empty so the variable exists even if the table has no rows
    foreach ($result as $row)
    {
        $authors[] = array('id' => $row['id'], 'name' => $row['name']);
    }
}

Because the second has no variable values in it; a prepared statement is unnecessary.
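An added example, not from the book or from either post in this thread, that makes the reply concrete. It runs both kinds of query against an in-memory SQLite database loaded with constructed test rows, and feeds the joke lookup a hostile form value. The table layout, the sample rows and the `$postedId` value are assumptions made for the demonstration; the PDO calls are the same ones the book's code uses.

```php
<?php
// Added example (not the book's code): why the joke lookup needs a prepared
// statement and the author list does not. Uses an in-memory SQLite database
// with constructed rows so it runs stand-alone.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE joke (id INTEGER PRIMARY KEY, joketext TEXT, authorid INTEGER)');
$pdo->exec('CREATE TABLE author (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO author (id, name) VALUES (1, 'Kevin'), (2, 'Tom')");
$pdo->exec("INSERT INTO joke (id, joketext, authorid) VALUES
            (1, 'First joke', 1), (2, 'Second joke', 2)");

// Simulated value of $_POST['id']. A normal user submits '1'; this is what a
// hostile user can submit instead (assumed input for the demonstration).
$postedId = '1 OR 1=1';

// UNSAFE: the value becomes part of the SQL text. The WHERE clause now reads
// "WHERE id = 1 OR 1=1", which is true for every row, so every joke comes back.
function fetchJokeInterpolated(PDO $pdo, $id)
{
    $sql = 'SELECT id, joketext, authorid FROM joke WHERE id = ' . $id;
    return $pdo->query($sql)->fetchAll();
}

// SAFE (the book's approach): the SQL is compiled with a placeholder and the
// value is sent separately, so the database compares it as data and never
// parses it as SQL. At most the joke whose id matches can be returned.
function fetchJokeBound(PDO $pdo, $id)
{
    $s = $pdo->prepare('SELECT id, joketext, authorid FROM joke WHERE id = :id');
    $s->bindValue(':id', $id);
    $s->execute();
    return $s->fetchAll();
}

// The author list: a constant string with no outside input anywhere in it.
// There is nothing for an attacker to influence, so query() is enough.
function fetchAuthors(PDO $pdo)
{
    $authors = array();
    foreach ($pdo->query('SELECT id, name FROM author') as $row) {
        $authors[] = array('id' => $row['id'], 'name' => $row['name']);
    }
    return $authors;
}

printf("Interpolated lookup returned %d joke(s)\n", count(fetchJokeInterpolated($pdo, $postedId)));
printf("Bound lookup returned %d joke(s)\n", count(fetchJokeBound($pdo, $postedId)));
printf("Author list has %d entries\n", count(fetchAuthors($pdo)));
```

The rule of thumb the reply states follows directly: the moment any value that did not originate inside the script (form fields, query strings, cookies, rows read back from the database) is needed in the SQL, use `prepare()` with a placeholder and bind it; a query whose text is entirely fixed in the source can go through `query()`.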
