I was following the prepared statement example on the php.net site and I can't seem to get my version to work.
```
$link = mysql_connect("localhost","root","mypassword") or die (mysql_error());
$query= $link->prepare("select * from users WHERE userid = ? AND password=password('?')");
$query->bindParam(1, $userid);
$query->bindParam(2, $password);
$query->execute();
if (mysql_num_rows($query)==1)
{
echo "Welcome, ",$userid,"
";
}
mysql_close($link);
```
I get the error: syntax error, unexpected T_VARIABLE
Change `echo "Welcome, ",$userid," ";`
to
`echo "Welcome, " . $userid . " ";`
Use `mysqli_*`
like `$link = mysqli_connect(...`
Change the following code
` echo "Welcome, ",$userid," ";`
into
` echo "Welcome, " . $userid . " ";`
This is because PHP uses '.' for string concatenation.
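An added example, not part of the original thread: the question's login check written against a single API (PDO, whose `prepare`/`bindParam`/`execute` calls the question uses) with the placeholder left unquoted. Assumptions: the table layout and sample account are constructed, an in-memory SQLite database stands in for MySQL so the script runs offline, and the password is hashed in PHP with `password_hash()`/`password_verify()` instead of the SQL `password()` call.

```php
<?php
// Added example. Constructed schema and account; in-memory SQLite so it runs offline.
// For MySQL only the DSN changes, e.g. new PDO('mysql:host=localhost;dbname=app', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly, not silently
$pdo->exec('CREATE TABLE users (userid TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Constructed sample account; the stored value is a salted hash, never the password.
$ins = $pdo->prepare('INSERT INTO users (userid, password_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

function check_login(PDO $pdo, string $userid, string $password): bool
{
    // The placeholder is a bare ?. Written as '?' inside quotes it is the
    // literal one-character string "?" and no parameter is bound to it.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE userid = ?');
    $stmt->bindParam(1, $userid);
    $stmt->execute();

    // fetchColumn() returns false when no row matched.
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Constructed inputs: valid login, wrong password, and a value containing
// SQL syntax, which the bound parameter treats as plain data.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' OR '1'='1", 'x'],
];

foreach ($attempts as [$userid, $password]) {
    if (check_login($pdo, $userid, $password)) {
        // Escape before output in case the page is rendered as HTML.
        echo 'Welcome, ' . htmlspecialchars($userid) . "\n";
    } else {
        echo "Login failed\n";
    }
}
```

Only the first attempt prints the welcome line; the other two print `Login failed`.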