
Currently, I am developing a web application using PHP and MySQL. I asked a question regarding some of my code, and someone commented that I should use prepared statements in my SQL. Please refer to this question: How to add a text box with the reference count retrieved in the database using javascript?

On that question, you will see in the comment section that I should use prepared statements, but I don't know if I am doing it right. Please see the code below.

<?php
    include_once('pConfig.php');   // expected to define $db as a mysqli connection
    // Fall back to the query-string values when the including script did not set these.
    if (!isset($cID)){
        $cID = filter_input(INPUT_GET, "cIDs");
    }
    if (!isset($ciCode)){
        $ciCode = filter_input(INPUT_GET, "ciCodes");
    }
    // The request values are pasted straight into the SQL text.
    $strSQL = "SELECT * FROM tblreferences WHERE ci_ID = '$cID' AND ciCODe = '$ciCode'";
    $result = $db->query($strSQL);
    //$result = mysqli_query($db, $strSQL);
    if (!$result) {
        printf("Error: %s\n", mysqli_error($db));
        exit();
    }
    if ($result->num_rows > 0) {
        $json = mysqli_fetch_all($result, MYSQLI_ASSOC);
        echo json_encode($json);
    }
?>

Am I doing it right? Or is there something that I am missing? Actually, the code above is working fine; I am only confused about whether I used it right.

Thanks and Regards

EDIT

<?php
    include_once('pConfig.php');   // expected to define $db as a mysqli connection
    if (!isset($cID)){
        $cID = filter_input(INPUT_GET, "cIDs");
    }
    if (!isset($ciCode)){
        $ciCode = filter_input(INPUT_GET, "ciCodes");
    }
    // The SQL text contains only placeholders; the values are sent separately
    // and cannot change the structure of the query.
    $stmt = $db->prepare("SELECT * FROM tblreferences WHERE ci_ID = ? AND ciCODe = ?");
    if (!$stmt) {
        printf("Error: %s\n", $db->error);
        exit();
    }
    // 'i' binds $cID as an integer, 's' binds $ciCode as a string.
    $stmt->bind_param('is', $cID, $ciCode);
    $stmt->execute();
    // get_result() needs the mysqlnd driver and returns false if execute() failed.
    $result = $stmt->get_result();
    //$strSQL = "SELECT * FROM tblreferences WHERE ci_ID = '$cID' AND ciCODe = '$ciCode'";
    //$result= $db->query($strSQL);
    //$result = mysqli_query($db, $strSQL);
    if (!$result) {
        printf("Error: %s\n", $stmt->error);
        exit();
    }
    if ($result->num_rows > 0) {
        $json = mysqli_fetch_all($result, MYSQLI_ASSOC);
        echo json_encode($json);
    }
?>

Am I doing it right?

Ban Tot

0 Answers
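As an added example (not the asker's code, and not an answer from the original page) showing why the prepared version above is the right direction: the two lookups below run the same query once with the values interpolated into the SQL text and once as a prepared statement, against a constructed in-memory SQLite table accessed through PDO so that it runs without a MySQL server. The table, column names and sample rows are assumptions modelled on the question; mysqli's prepare()/bind_param()/execute()/get_result() in the question follow the same pattern as PDO's prepare()/bindValue()/execute()/fetchAll().

```php
<?php
// Added example, not the asker's code. Uses PDO with an in-memory SQLite
// table so it runs without a MySQL server; mysqli's prepare()/bind_param()/
// execute()/get_result() in the question follow the same pattern.
declare(strict_types=1);

// Constructed sample data; the column names follow the question's table.
function makeSampleDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE tblreferences (ci_ID INTEGER, ciCODe TEXT, note TEXT)");
    $pdo->exec("INSERT INTO tblreferences VALUES
                (1, 'A1', 'first'), (1, 'B2', 'second'), (2, 'A1', 'third')");
    return $pdo;
}

// The pattern from the first version of the question: request values are
// pasted into the SQL text, so a quote inside a value edits the query itself.
function lookupInterpolated(PDO $pdo, string $cID, string $ciCode): array
{
    $sql = "SELECT * FROM tblreferences WHERE ci_ID = '$cID' AND ciCODe = '$ciCode'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// The prepared form: the SQL text is fixed at prepare() time and the values
// are bound afterwards, so they are only ever compared, never parsed as SQL.
function lookupPrepared(PDO $pdo, int $cID, string $ciCode): array
{
    $stmt = $pdo->prepare("SELECT * FROM tblreferences WHERE ci_ID = ? AND ciCODe = ?");
    $stmt->bindValue(1, $cID, PDO::PARAM_INT);
    $stmt->bindValue(2, $ciCode, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// What the endpoint should send back: always a JSON array, even when no rows
// matched, so the JavaScript caller never has to deal with an empty body.
function jsonBody(array $rows): string
{
    return json_encode($rows, JSON_THROW_ON_ERROR);
}

// Attacker-controlled ciCodes value: the quote closes the string literal and
// the OR makes the WHERE clause true for every row of the table.
$payload = "x' OR '1'='1";

$pdo = makeSampleDb();

$leaked = lookupInterpolated($pdo, '1', $payload);
$safe   = lookupPrepared($pdo, 1, $payload);
$normal = lookupPrepared($pdo, 1, 'A1');

printf("interpolated, payload:  %d rows\n", count($leaked));
printf("prepared, payload:      %d rows\n", count($safe));
printf("prepared, valid input:  %d rows\n", count($normal));
echo jsonBody($safe), "\n";
echo jsonBody($normal), "\n";
```

Run it with `php` (the pdo_sqlite extension ships with most builds). With the payload, the interpolated query's WHERE clause becomes `ci_ID = '1' AND ciCODe = 'x' OR '1'='1'`, which is true for every row, so the whole table comes back; the prepared query compares the column against the literal string `x' OR '1'='1` and matches nothing, while the valid input still returns its single row. Note also that `jsonBody` emits `[]` for an empty result, whereas the code in the question sends nothing at all when `num_rows` is zero.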