I am trying to find the corresponding bookId for the bookName received from post in a way to avoid errors caused by quotes within the books name.
I am attempting to bind the param to $stmt as $bookName and storing the result as $stmt but
echo $stmt;
gives this error:
Recoverable fatal error: Object of class mysqli_stmt could not be converted to string
So I am not sure what I am doing...
$bookName = trim($_POST['bookName']);
$sql = "SELECT bookId FROM Book WHERE bookName = ?";
if($stmt = mysqli_prepare($conn, $sql)){
mysqli_stmt_bind_param($stmt, "s", $bookName);
if((mysqli_stmt_execute($stmt))){
mysqli_stmt_store_result($stmt);
}
else{
header("location: error.php");
}
}
I was to save the bookId as $bookId
The following code does what I needed
if($stmt = mysqli_prepare($conn, $sql)){
mysqli_stmt_bind_param($stmt, "s", $bookName);
if((mysqli_stmt_execute($stmt))){
$result = mysqli_stmt_get_result($stmt);
while ($row = mysqli_fetch_array($result, MYSQLI_NUM))
{
foreach ($row as $r)
{
$bookId = $r;
}
}
}
else{
header("location: error.php");
}
}
I think you are confused in between two functions mysqli_stmt_store_result and mysqli_stmt_get_result have to see this link in documentation.
You have to use mysqli_stmt_get_result function.
mysqli_stmt_get_result Documentation Link
if((mysqli_stmt_execute($stmt))){
mysqli_stmt_store_result($stmt);
}
Replace above code with
if((mysqli_stmt_execute($stmt))){
// mysqli_stmt_store_result($stmt); not to use
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_array($result, MYSQLI_NUM);
echo $row; //as i dont have database details i hope this work.
}
See Example Two in documentation link for more certification.