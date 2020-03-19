Php mysqli prepared statement data for specific user session and ticket id

I am trying to retrieve filenames that are stored in the database and the actual files stored on my ftp server in a folder and what I am trying to do is display a list of the filenames related to the ticket id and the specific user session but can’t work out how to do it, I am bit new to prepared statements (late to the party on this one I know). My current coding is below. I have been looking on google for examples and looking at php.net etc. but not getting any closed I think

<?php
														$mysqli = new mysqli("localhost", "username", "password", "dbname");
														if ($mysqli->connect_errno) {
															echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
														}
														?>
														<?php
														$stmt = $mysqli->prepare("SELECT support_tickets.ticket_id, support_ticket_files.file_name, support_tickets.user_name FROM support_tickets INNER JOIN support_ticket_files ON support_tickets.user_name=support_ticket_files.user_name
    													WHERE support_tickets.ticket_id = ? and support_tickets.user_name = '".$_SESSION['user_name']."'");
														$stmt->bind_param("iss", $_POST['ticket_id']);
														$stmt->execute();
														$stmt->store_result();
														if($stmt->num_rows === 0) exit('No rows');
														$stmt->bind_result($ticket_idRow, $filenameRow, $usernameRow); 
														while($stmt->fetch()) {
														  $ticket_ids[] = $ticket_idRow;
														  $filename[] = $filenameRow;
														  $username[] = $usernameRow;
														}
														var_export($ticket_ids);
														$stmt->close();
														?>
                                                        <ul class="nav">
														<li><a href="support-ticket-images/<?php echo $filename; ?>" class="noline" download="download"><?php echo $filename; ?></a></li>
														<?php $stmt->close(); ?>
                                                      </ul>

That code just outputs no rows

You have a few mistakes! This will help you I think : https://stackoverflow.com/a/26826585/12232340

And this one : https://websitebeaver.com/prepared-statements-in-php-mysqli-to-prevent-sql-injection

I originally looked at https://websitebeaver.com/prepared-statements-in-php-mysqli-to-prevent-sql-injection yesterday and did try the following code going by the example on that site but it just says No rows

<?php
														$mysqli = new mysqli("localhost", "user", "password", "dbname");
														if ($mysqli->connect_errno) {
															echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
														}
														?>
														<?php
														$stmt = $mysqli->prepare("SELECT support_tickets.ticket_id, support_ticket_files.file_name, support_tickets.user_name FROM support_tickets INNER JOIN support_ticket_files ON support_tickets.user_name=support_ticket_files.user_name
    													WHERE support_tickets.ticket_id = ? and support_tickets.user_name = '".$_SESSION['user_name']."'");
														$stmt->bind_param("i", $_POST['ticket_id']);
														$stmt->execute();
														$result = $stmt->get_result();
														if($result->num_rows === 0) exit('No rows');
														while($row = $result->fetch_assoc()) {
														$ticket_id[] = $row['ticket_id'];
														$filename[] = $row['file_name'];
														$username[] = $row['user_name'];
														}
														var_export($ticket_id);
														$stmt->close();
														?>
I have just checked the error log on the server and it says the following

PHP Warning: mysqli_stmt::bind_param(): Number of variables doesn’t match number of parameters in prepared statement in /home/itdonerightco/public_html/account/view-support-ticket.php on line 222

Line 222 is below

$stmt = $mysqli->prepare("SELECT support_tickets.ticket_id, support_ticket_files.file_name, support_tickets.user_name FROM support_tickets INNER JOIN support_ticket_files ON support_tickets.user_name=support_ticket_files.user_name
    													WHERE support_tickets.ticket_id = ? and support_tickets.user_name = '".$_SESSION['user_name']."'");

It’s also go the following error

PHP Fatal error: Uncaught Error: Call to a member function fetch_assoc() on bool in /home/itdonerightco/public_html/account/view-support-ticket.php:226
Stack trace:
#0 {main}
thrown in /home/itdonerightco/public_html/account/view-support-ticket.php on line 226

Line 226 is below

while($row = $result->fetch_assoc()) {
Your where clause is not equal to bind_param.

Change this :

$stmt->bind_param("i", $_POST['ticket_id']);

To :

$stmt->bind_param("is", $_POST['ticket_id'], $_SESSION['user_name']);

And this :

$ticket_id[] = $row['ticket_id'];
														$filename[] = $row['file_name'];

To this:

echo $row['ticket_id'];
														 echo $row['file_name'];

If you want to use values out of while loop then change while :

while($row = $result->fetch_assoc()) {

To this:

$row = $result->fetch_assoc();

And then use like this in html
<?php echo $row['file_name']; ?>

I am on mobile sorry can’t write full codes :frowning: