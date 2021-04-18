Oh, well that would certainly be causing a similar problem to the one the OP is having, unless they have already changed that bit.
Excuse me, I forgot to say that I had already changed “i” with “s”, so now the code is:
<?php
if(isset($_GET['genere'])){
$genus =$_GET['genere'];
}
$stmt = $db->prepare("SELECT * FROM films__olon WHERE genere = ?");
$stmt->bind_param("s", $genus);
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows === 0) exit('No rows');
while ($row = $result->fetch_assoc()) {
echo "<h2>$genus</h2>";
echo "<h3>$row[titolo]</h3>";
echo "<p>$row[contenuti]</p>";
}
?>
$db point to an existing database, in which there is the table films__olon.
With the word “set” I mean what in mysql is a type (/kind) of column, like enum,tinitext,varchar and so on. And I have said above what values are in my “genere” set field (/column) stored.
EDIT
I tried with another, not “set”, field, but “varchar”.
But the result is the same: “no rows”.
Apologies, I hadn’t seen that data type before.
Have you thought of using
LIKE or
FIND_IN_SET instead of
= in your query?
That sort-of rules out the
= being a problem. What value is in
$genus when you get to the query?
-
Like already tried: nothing changes.
-
FIND_IN_SET just tried, after you suggested, but I get this error message (and no rows):
Fatal error: Uncaught Error: Call to a member function bind_param() on bool in /mnt/dati/schede/cultura/cinema/films-prova.php:41 Stack trace: #0 {main} thrown in /mnt/dati/schede/cultura/cinema/films-prova.php on line 41
line 41 is
$stmt = $db->prepare("SELECT * FROM films__olon WHERE genere find_in_set ?");
What value is in
$genuswhen you get to the query?
Sorry, I don’t understand what you mean. $genius should recall ‘genere’ that has the values reported above (#17).
$genus is the variable that you get from
$_GET['genere'] at the start of your code. I wondered whether you had checked what is in it. Not what it should have in it, but what it actually has in it.
$stmt = $db->prepare("SELECT * FROM films__olon WHERE genere find_in_set ?");
isn’t the correct syntax, as far as I can see looking at various examples. I can’t really help with that, I didn’t know sets existed until a few minutes ago. But looking here, for example, it seems to be quite different: MySQL FIND_IN_SET Function with Practical Examples (mysqltutorial.org)
I also don’t know if there’s an issue using it in a prepared statement.
You need to validate all inputs before using them. This portion of the code requires a non-empty $_GET[‘genere’] value for it to work (we’ll worry about what type of value it is later.) You should trim, then test if the value is not empty. If the input is not valid, it’s a user error and you should set up and display a message telling the user what they did wrong and how to correct it, e.g. ‘Please select a Genre’. Also, as has already been stated, all the relevant code to query for and retrieve the data should be inside the validation ‘success’ logic so that you are not producing php errors and wasting resources when a required input is not present.
Using a SET data type creates a maintenance problem. To add, remove, or edit a choice, you must ALTER the table definition, and unless you are querying to get the table definition and parsing the column definition to get the list of choices for the User Interface part of this application, you must maintain a duplicate data definition in the php code. The suggestion that @droopsnoot has mentioned, stores the genre definitions in one place, a database table, where you can just insert, delete, or update a row of data, you would query this table to produce the choices for the user, and you can then also have things like a ‘description’ column to enhance the User Interface and User eXperience on your site.
While I don’t think you are getting database errors from what you are currently doing, do you have any error handling for all the database statements that can fail - connection, query, prepare, and execute? The easiest way of adding error handling for these statements is to use exceptions for errors and in most cases let php catch and handle the exception where php will use its error related settings (see my previous reply in this thread) to control what happens with the actual error information (database statement errors will ‘automatically’ get displayed/logged the same as php errors.) To use exceptions for errors for the mysqli extension, add the following line of code before the point where you make the database connection -
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
Don’t use exit/die for this condition. If the query doesn’t match any data, you should set up and display a message for the user, and you should display a whole web page with the genre choices, so that they can pick something else to search for.
Thank you.
I added the row you suggested, and changed the “find_in_set” with “like”, so the code is
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
mysqli_connect('localhost', 'myuser', 'mypsw', 'database-name');
if(isset($_GET['genere'])){
$genus =$_GET['genere'];
}
$stmt = $db->prepare("SELECT * FROM films__olon WHERE genere like ?");
$stmt->bind_param("s", $genus);
$stmt->execute();
$result = $stmt->get_result();
//if($result->num_rows === 0) exit('No rows');
while ($row = $result->fetch_assoc()) {
echo "<h2>$genus</h2>";
echo "<h3>$row[titolo]</h3>";
echo "<p>$row[contenuti]</p>";
}
This is the error message:
Fatal error: Uncaught Error: Call to a member function prepare() on null in /mnt/dati/schede/cultura/cinema/films-prova.php:41 Stack trace: #0 {main} thrown in /mnt/dati/schede/cultura/cinema/films-prova.php on line 41
The line 41 is this:
$stmt = $db->prepare("SELECT * FROM films__olon WHERE genere like ?");
I suppose that the problem is an “empty” connection with localhost: isn’t it?
If so I will try to fix it tomorrow, because today is a very busy day.
Anyway your help will be very appreciated.
Good WE to everybody.
you didnt catch the result of this command.
$db = ...
Don’t forget to put the % at the end of your value when you query with LIKE. As already mentioned I would check for not empty and wrap that condition around the query as well as you don’t want the execute the query without a value.
if(!empty($_GET['genere'])){
$genus = $_GET['genere'].'%';
$stmt = $db->prepare("SELECT * FROM films__olon WHERE genere like ?");
$stmt->bind_param("s", $genus);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
echo "<h2>$genus</h2>";
echo "<h3>$row[titolo]</h3>";
echo "<p>$row[contenuti]</p>";
}
}
Yes, you’re right.
$db = mysqli_connect('localhost', 'myuser', 'mypsw', 'database-name');
but even so, it doesn’t work.
I tried also this:
`$genus = "fantasy,fantascienza,drammatici,comici,storici";
$stmt = $db->prepare("SELECT * FROM films__olon WHERE genere like ?");
$stmt->bind_param("s", $genus);
$stmt->execute();
$result = $stmt->get_result();
//if($result->num_rows === 0) exit('No rows');
while ($row = $result->fetch_assoc()) {
echo "<h2>$genus</h2>";
echo "<h3>$row[titolo]</h3>";
echo "<p>$row[contenuti]</p>";
}
But unsuccessfully.`
Thanks. I tried it, but unsuccessfully
Well it looks like you are searching for a comma separated string so unless you are storing values in
genere as a comma separated string (not recommended) I’m not sure you will find a match. Test with one value to make sure the query works FIRST. If you are searching with a comma separated string, you might want to use FIND IN SET(field, ?) instead of LIKE.
if(!empty($_GET['genere'])){
$genus = $_GET['genere'];
$stmt = $db->prepare("SELECT * FROM films__olon WHERE find_in_set(`genere`, ?)");
$stmt->bind_param("s", $genus);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
echo "<h2>$genus</h2>";
echo "<h3>$row[titolo]</h3>";
echo "<p>$row[contenuti]</p>";
}
}
Thank you: I tried it, but it doesn’t work.
The answer of “Does not work” really is not a helpful answer to yourself or anyone helping you. Have you had a working query at all on this table? Have you tried without conditions? Then a query with prepared conditions… Take baby steps so you know at what point things didn’t work.
Manually defining your variable as a comma separated string will bring up results for matching values using the query I last posted. i.e.
$genus = "fantasy,fantascienza,drammatici,comici,storici";
The issue is in HOW are you receiving the data as with _GET that data comes in key=value pairs separated by comma's so you would not be able to get a value of the following From _GET…
fantasy,fantascienza,drammatici,comici,storici
This was why I said to test a single value first to make sure your query works.
Now if you are making some kind of a “filter” of say check boxes to mark off the kinds of records to show, then you would define the input name as an array by adding
[] to the name. For example:
<input type="checkbox" name="genere[]" value="fantasy"> Fantasy<br />
<input type="checkbox" name="genere[]" value="fantascienza"> Fantascienza<br />
You would then need to handle this GET or POST name like an array. By imploding this array using a comma you can turn this array into the exact version to use with that find_in_set() query I post. Here’s a modified version where genere is an array.
if(!empty($_GET['genere'])){
$genus = implode(",",$_GET['genere']);
$stmt = $db->prepare("SELECT * FROM films__olon WHERE find_in_set(`genere`, ?)");
$stmt->bind_param("s", $genus);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
echo "<h2>$genus</h2>";
echo "<h3>$row[titolo]</h3>";
echo "<p>$row[contenuti]</p>";
}
}
When PHP script does not work then I add the tried and tested PHP error functions:
<?php declare(strict_types=1); // file wide type checking
error_reporting(-1); // display maximum errors
ini_set('display_errors', 'true'); // show errors on screen
// SET DEFAULT IF THERE IS NO $_GET parameter
$genus = $_GET['genere'] ?? 'Yes we have NO $genere';
FRED($genus);
$stmt = $db->prepare("SELECT * FROM films__olon WHERE genere = ?");
FRED($stmt);
$stmt->bind_param("s", $genus);
FRED($stmt);
$stmt->execute();
FRED($stmt);
$result = $stmt->get_result();
FRED($result);
if($result->num_rows === 0)
{
exit('No rows');
}
while ($row = $result->fetch_assoc())
{
FRED($row);
echo "<h2>$genus</h2>";
echo "<h3>$row[titolo]</h3>";
echo "<p>$row[contenuti]</p>";
}
//========================================================
function FRED($val='Yes we have no $val???')
{
$tmp = 'width:88%; margin:2em auto;
background-color: yellow; color: #000';
echo "<pre style='$tmp'>";
print_r($val);
echo '</pre>';
}//
I tried this your last code, and I got this error message:
Fatal error: strict_types declaration must be the very first statement in the script in /mnt/dati/schede/cultura/cinema/films-prova.php on line 54
At this point, even appreciating your patience and helpfullness, I guess that prepared statements perhaps are not the way to get my aim, and I wonder if I should show in this thread the whole code, changing the thread title so that you can help me with a solution different from prepared statements.
Why not, for example, use a simple “include” command?
I will try this new way and I will say it about it.
EDIT
In effect the include function (with an external inc file) works, and it’s a very simple solution.
Stupid me not thinking it before!
I share with you my whole (now working) code.
The main file, films.php has this content:
<?php
$title="films prova2";
$img="http://localhost/cultura/cinema/immagini/marcellino.jpg";
$altro="<style type=\"text/css\">
blockquote p:first-child:before {content: none !important;}
blockquote p:last-child:after {content: none !important;}
</style>";
include "normal.inc";
include "$root/intell/header-intell.inc";
?>
<h1>fantasy</h1>
<?php
$query = "SELECT * FROM films__olon WHERE genere like '%fantasy%' ORDER by data";
include "films.inc";
?>
<h1>fantascienza</h1>
<?php
$query = "SELECT * FROM films__olon WHERE genere like '%fantascienza%' ORDER by data";
include "films.inc";
?>
<h1>storici</h1>
<?php
$query = "SELECT * FROM films__olon WHERE genere like '%storici%' ORDER by data";
include "films.inc";
?>
<h1>comici</h1>
<?php
$query = "SELECT * FROM films__olon WHERE genere like '%comici%' ORDER by data";
include "films.inc";
?>
<?php include "$root/intell/footer-intell.inc" ?>
the file films.inc ha this code:
<?php
$result = mysqli_query($db, $query);
while ($row = mysqli_fetch_array($result)){
if(empty($row['titolo'])){echo "<h2>$row[titolo_italiano]";} else{echo "<h2>$row[titolo]";}
if(empty($row['imagelink'])){echo "";} else{echo "<img src=\"$row[imagelink]\" height=\"200px\" class=\"fr\" />";}
echo "</h2>";
echo "<p>data:<b>$row[data]</b> - regista: $row[regia_nome] <a href=\"hashtag-registi.php?tag=$row[regia]\">$row[regia]</a></p>";
echo "<blockquote lang=\""."$row[lingua]\"><p>"."$row[contenuti]</p></blockquote>";
echo "<p class=\"actors\">";
$keywordsa = $row['attori'];
foreach (explode(',', $keywordsa) as $keya) {
if(trim($row["attori"])==''){echo "";} else{echo "<span><b>attori</b>: <a href=\"hashtag-actors.php?tag=$keya\">{$keya}</a></span>";}
}
echo "</p>";
echo "<p class=\"keywords\"><b>temi</b>:";
$keywords = $row['keywords'];
foreach (explode(',', $keywords) as $key) {
if(trim($row["keywords"])==''){echo "";} else{echo "<span><a href=\"hashtag-films.php?tag=$key\">{$key}</a></span>";}
}
echo "</p>";}
?>
And it works!
Thank you very much!
That error message has nothing to do with prepared statements. It tells you what is wrong, so don’t throw the baby out with the bath water.
Of course, I have nothing against the prepared statements in themselves.
A difference here seems to be that you don’t appear to use your
$_GET parameter any more.
Did you ever say what was actually in your
$genus variable when you were using prepared statements? I remember asking a couple of times. If it only contained one of those values, as you use in each of your queries in the latest code, I don’t see why your earlier attempts didn’t work when the latest one does.
Instead of using an “include” in the way that you have, you’d perhaps have been better creating that piece of code as a function. You could then call it with each query (or with each value of genre). At the moment you’re repeating code - you do it as an include so it’s not obvious, but there is a lot of repetition.
It seems to me that you could do what you’re doing with a single query, an
ORDER BY clause and a check inside your loop to see when the genre changes.