I too feel that PDO is most often better than mysqli.
I think what mysqli has going for it are two things
- it is mysql Improved, so it will be more familiar to those used to using DEPRECATED mysql
- it has both Procedural and OOP so those that shy away from OOP can still use it.
@ses0713 I’ve long given up trying to “fix” broken mysql code. Take a look at this and give it a try. (Not tested. User-supplied input is passed to the query only as bound parameters of a prepared statement; it is not otherwise validated or sanitized.)
* I don’t see where you’re using $result anywhere ??
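<?php
/*
 * Updates one row of the `comics` table from query-string fields, using mysqli
 * prepared statements in place of the legacy mysql_* calls (kept below as
 * "was:" comments so the mapping stays visible).
 *
 * Input : $_GET['update'] (presence triggers the update), plus email, title,
 *         issue, edition, publisher, condition, price and id.
 * Output: redirect to index.html when at least one row changed; otherwise the
 *         script stops with a short error message.
 */

// NOTE(review): the credentials are hard-coded, the account is root and the
// password is a literal in source. Use a dedicated account that only has the
// rights this page needs on the `comics` schema, and load the secret from
// configuration kept outside the web root.
define('DB_NAME', 'comics');
define('DB_USER', 'root');
define('DB_PASSWORD', 'password');
define('DB_HOST', 'localhost');

// PHP 8.1+ makes mysqli throw exceptions by default. This script checks return
// values instead, so select that mode explicitly to behave the same everywhere.
mysqli_report(MYSQLI_REPORT_OFF);

// was: $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
$link = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (!$link) {
    // was: die('Could not connect: ' . mysql_error());
    // Driver details go to the server log, not to the client.
    error_log('Could not connect: ' . mysqli_connect_error());
    die('Could not connect to the database.');
}

/*
was (no longer needed, mysqli_connect() selects the database):
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
    die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}
*/

/* Left disabled: nothing on this page reads $result / $row.
if ( (!isset($_GET['update'])) && (isset($_GET['id'])) ) {
    // was: $q = "SELECT * FROM comics where ID = '$_GET[id]'";
    // was: $result = mysql_query($q);
    // was: $comics = mysql_fetch_array($result);
    $q = "SELECT * FROM comics where ID = ?";
    $stmt = mysqli_prepare($link, $q);
    $id = $_GET['id'];
    mysqli_stmt_bind_param($stmt, "i", $id);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
    mysqli_free_result($result);
}
*/

if (isset($_GET['update'])) {
    // NOTE(review): this changes data in response to a GET request, and no
    // authentication, ownership check on the row, or CSRF token is visible in
    // this snippet. Confirm those exist elsewhere, and prefer POST for updates.

    // Every bound value must be present and a plain string; "?email[]=x" would
    // otherwise arrive as an array and be bound as the text "Array".
    $fields = ['email', 'title', 'issue', 'edition', 'publisher', 'condition', 'price', 'id'];
    foreach ($fields as $field) {
        if (!isset($_GET[$field]) || !is_string($_GET[$field])) {
            http_response_code(400);
            die('error: missing or invalid field');
        }
    }

    // was: $targetid = intval($_GET["id"]);
    // Reject non-numeric ids outright instead of letting them collapse to 0.
    $targetid = filter_var($_GET['id'], FILTER_VALIDATE_INT);
    if ($targetid === false) {
        http_response_code(400);
        die('error: missing or invalid field');
    }

    // bind_param() takes its arguments by reference, so copy into locals.
    // The mysql_real_escape_string() calls of the old code are not needed:
    // bound parameters are never parsed as SQL.
    $email     = $_GET['email'];
    $title     = $_GET['title'];
    $issue     = $_GET['issue'];
    $edition   = $_GET['edition'];
    $publisher = $_GET['publisher'];
    $condition = $_GET['condition'];
    $price     = $_GET['price'];

    // was: "UPDATE comics SET Email='$email', ... WHERE ID = '$targetid' "
    $sql = "UPDATE comics SET Email = ?, Title = ?, Issue = ?, Edition = ?, Publisher = ?, Quality = ?, Cost = ? WHERE ID = ?";
    $stmt = mysqli_prepare($link, $sql);
    if ($stmt === false) {
        error_log('error: ' . mysqli_error($link));
        mysqli_close($link);
        die('error: could not update the record');
    }

    mysqli_stmt_bind_param(
        $stmt,
        "sssssssi",
        $email,
        $title,
        $issue,
        $edition,
        $publisher,
        $condition,
        $price,
        $targetid
    );
    $executed = mysqli_stmt_execute($stmt);

    // Read status and error text BEFORE closing: the statement handle cannot
    // be queried once mysqli_stmt_close() has run.
    $affected_rows = mysqli_stmt_affected_rows($stmt);
    $stmt_error = mysqli_stmt_error($stmt);
    mysqli_stmt_close($stmt);
    mysqli_close($link); // was: mysql_close($link);

    // was: if($myData == FALSE) {die ("error: " .mysql_error());}
    if (!$executed || $affected_rows < 0) {
        error_log('error: ' . $stmt_error);
        die('error: could not update the record');
    }

    // Zero rows means the id matched nothing or the values were unchanged.
    // Parenthesised on purpose: "!$affected_rows >= 1" negates first.
    if (!($affected_rows >= 1)) {
        die('error: no record was updated');
    }

    // was: if ($myData == TRUE) {
    header('Location: index.html');
    exit; // stop here so nothing runs or prints after the redirect header
}
?>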