Im attempting to switch some code over from a regular mysqli select query to a more secure mysqli prepared statement, but no matter what method I have tried in the last few hours it just will not work, is there something I have missed in this code?
function getProjectSites($selected){
global $db;
$result = $db->prepare("SELECT DISTINCT site_location, id FROM projects WHERE project_name_id = ? ORDER BY site_location");
$result->bind_param('s', $selected);
return $result->execute();
}
$stmt = getProjectSites($selected);
$stmt->store_result();
/* Get the result */
$res = $stmt->get_result();
while ($row = $res->fetch_assoc()) {
//no rows are output
You can try this ->
function getProjectSites($selected){
global $db;
$result = $db->prepare("SELECT DISTINCT site_location, id FROM projects WHERE project_name_id = ? ORDER BY site_location");
$result->bind_param('s', $selected);
return $result->execute();
}
$stmt = getProjectSites($selected);
$stmt->store_result();
// Fetch a record. Bind the result to a variable called 'value' and fetch.
$stmt->bind_result($value) ;
$res = $stmt->fetch() ;
if($res)
{
//This is just an example you do your code here
echo "data length is " . strlen($value);
}