Hello,
Why does the first SELECT use a prepared statement, while the second SELECT does not?
Thank you
if (isset($_POST['action']) and $_POST['action'] == 'Edit')
{
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
// Look up the joke being edited. The id arrives in $_POST, so it is
// client-controlled: it is handed to the database as a bound parameter and
// never becomes part of the SQL text, which is fixed before the value is known.
// NOTE(review): the catch below only fires if PDO is set to throw exceptions,
// presumably configured in db.inc.php - confirm.
try
{
    $sql = 'SELECT id, joketext, authorid FROM joke WHERE id = :id';
    $s = $pdo->prepare($sql);
    $s->bindValue(':id', $_POST['id']);
    $s->execute();
}
catch (PDOException $e)
{
    // The message set here is generic and does not include the exception text.
    $error = 'Error fetching joke details.';
    include 'error.html.php';
    exit();
}
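// fetch() returns false when no row matches the submitted id (for example a
// stale or tampered form value). Stop here instead of indexing into false and
// building an edit form with empty fields.
$row = $s->fetch();
if ($row === false) {
    $error = 'Error fetching joke details.';
    include 'error.html.php';
    exit();
}

// Values used to fill in the edit form.
// NOTE(review): joketext is stored data and is presumably echoed by a template
// not shown here; it should be escaped for HTML at output time - confirm.
$pageTitle = 'Edit Joke';
$action = 'editform';
$text = $row['joketext'];
$authorid = $row['authorid'];
$id = $row['id'];
$button = 'Update joke';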
// Build the list of authors.
// This SQL text is a constant with no request data in it, so there is nothing
// to bind and query() is sufficient. If a filter taken from user input is ever
// added here, it should go through prepare() with a bound parameter instead of
// being concatenated into the string.
try {
    $result = $pdo->query('SELECT id, name FROM author');
} catch (PDOException $e) {
    // Same error path as the other query: generic message, then stop.
    $error = 'Error fetching list of authors.';
    include 'error.html.php';
    exit();
}
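// Start from an empty list so $authors is defined even when the author table
// has no rows; otherwise it would only come into existence on the first append.
// NOTE(review): name is stored data, presumably echoed by a template not shown
// here; it should be escaped for HTML at output time - confirm.
$authors = array();
foreach ($result as $row) {
    $authors[] = array('id' => $row['id'], 'name' => $row['name']);
}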