I got the correct data showing now by amending the code to the following
<?php
$ticket_id = '';
$username = '';
$stmt = $mysqli->prepare("SELECT ticket_id, DATE_FORMAT(created_at,'%d/%m/%Y \at\ %H:%i') AS created_at, DATE_FORMAT(ticket_timestamp,'%d/%m/%Y %H:%i') AS ticket_timestamp, user_name FROM support_tickets WHERE ticket_id = '58' AND user_name = 'ianhaney35new'");
//$stmt->bind_param();
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows === 0) exit('No rows');
$row = $result->fetch_assoc();
?>
So now just need to amend it back with a placeholder and leave the single quotes around the ? and put a s in the bind_param line.
In phpmyadmin it does work still without the single quotes around the 58.
Regarding the username and $_SESSION[āuser_nameā]. Where should I put the var_dump() or echo ().
If I use user_id instead of _user_name, does that mean I need to change all pages to be for user_id instead of user_name and the support_ticket related db tables or just the support_ticket pages?
Hopefully that makes sense, I just want to say thank you as am beginning to get to grips with the placeholders and prepared statements very slowly
Just before you use the variables, so in this case youād want them just before your call to bind_param(). You need to see what the value is when it is being used. (Technically thatās when you call execute(), but as thatās right after in this case itās the same).
No, donāt put quotes around the placeholder. One of the good things about prepared statements is you donāt need to worry about quotes, embedded quotes, itās all handled for you.
Anywhere that you use the name should really use the id. It doesnāt matter for now, itās just a more usual way of linking things. āNormalisationā is the term.
I put var_dump(); before bind_param but got a error saying Warning : var_dump() expects at least 1 parameter, 0 given in /home/itdonerightco/public_html/account/view-support-ticket.php on line 167
Is it because I have commented out bind_param line?
Iām back to not really understanding the query line again and getting the data for the specific ticket_id and user_name
I keep getting no rows, I amended the query and bind_param to the following
$ticket_id = '';
$username = '';
$stmt = $mysqli->prepare("SELECT ticket_id, DATE_FORMAT(created_at,'%d/%m/%Y \at\ %H:%i') AS created_at, DATE_FORMAT(ticket_timestamp,'%d/%m/%Y %H:%i') AS ticket_timestamp, user_name FROM support_tickets WHERE ticket_id = ? AND user_name = 'ianhaney35new'");
$stmt->bind_param("s", $ticket_id);
Think I am getting somewhere as sorted the errors on the page with the first query. The updated code I got is below
<?php
if(isset($_GET['user_name'])){
$username =$_GET['user_name'];
}
if(isset($_GET['ticket_id'])){
$ticket_id =$_GET['ticket_id'];
}
$stmt = $mysqli->prepare("SELECT ticket_id, DATE_FORMAT(created_at,'%d/%m/%Y \at\ %H:%i') AS created_at, DATE_FORMAT(ticket_timestamp,'%d/%m/%Y %H:%i') AS ticket_timestamp, user_name FROM support_tickets WHERE ticket_id = '$ticket_id' AND user_name = '$username'");
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows === 0) exit('No rows');
$row = $result->fetch_assoc();
?>
I am just working the second query now that will retrieve the file_name of each file uploaded to the db table and display the file_name. I am able to get the data but I think itās not getting the file_names for the specific ticket_id
Itās getting the file_name for all tickets and not just the file_names for the specific ticket_id, the code for that query is below
No, itās because you gave var_dump() zero parameters instead of one, exactly as the error message tells you. You need to put:
var_dump($username);
var_dump($ticket_id);
and I suspect youāve just put
var_dump();
for some reason. You may not be familiar with the function, but you must be aware of echo, and you will be aware you can go on php.net and find all the documentation for these functions.
That may work, but youāve reverted to not using prepared statements - I know you call prepare(), but while you concatenate the strings into the query, especially without doing any kind of checking, it has no real effect. So you need to get your bind_param() working again.
Your query does an inner join based on the username, not the ticket id, so I would presume it would get all files for that user.
Just working on the second query again and have amended it but itās just outputting no rows. I put the following query in phpmyadmin and itās outputting the right data
SELECT support_tickets.ticket_id, support_ticket_files.file_name FROM support_ticket_files INNER JOIN support_tickets ON support_ticket_files.ticket_id=support_tickets.ticket_id WHERE support_tickets.ticket_id = '58' AND support_ticket_files.file_name = 'customer-agreement-may-2018.docx'
It looks OK, and if it recovers the data that it should, then it must be good. I am not a mysqli expert, though, so I canāt say whether there are other things. But if itās working, thatās good.
On the second query, isnāt it better to retrieve the filename based on the ticket_id rather than the name? Retrieve all files for that ticket, then loop through the results to display them?
ok not 100% on how to do that to be honest. I have amended the query to be the following
SELECT support_ticket_files.file_name FROM support_ticket_files INNER JOIN support_tickets ON support_ticket_files.ticket_id=support_tickets.ticket_id
WHERE support_tickets.ticket_id = ?
Think I got it sorted now kind of, if there are files for the specific ticket_id, it shows the correct file_name but if there are not any files for the specific ticket_id, it shows no rows and no footer etc.
I think this is where I need to do the loop through the results as mentioned but not 100% on how to do it, the amended code is below
Also do I still need to do a JOIN still for retrieval of the data of the file_name for the specific ticket_id or when the front end user opens a new support ticket, do I need to amend the code so the ticket_id is added to the support_ticket_files db table as well?
Not sure what youāre driving at in the last paragraph. When the user opens a new support ticket, you (or MySQL, presumably) assign it a new unique id. When they upload a file to it, thatās when you stick it in the support_ticket_files table.
Thank you, I managed to add the while loop in earlier today and will be testing it tonight and hopefully the support ticket will add to the support_tickets db table and the files will be added to the support_tickets_files and are added by a unique id