Getting so frustrated at learning this. But basically I had an error parsing HTML content to my server, the content cancelled out my query with an ‘ and it’s been a long time since I did PHP and MySQL, but IIRC I used to just use htmlentities to fix that but that didn’t work so someone told me I should use parsed statements. Now that’s where I’m at, but it’s giving out an error:
Fatal error: Using $this when not in object context in /customers/9/7/5/underbakke.net/httpd.www/bok-it/page-update.php on line 10
So here’s the code (Line 10 is the first line here):
$stmt = $this->mysqli->prepare("UPDATE bokit_custom SET content=?,
page=?,
name=? WHERE page=?");
/* BK: always check whether the prepare() succeeded */
if ($stmt === false) {
trigger_error($this->mysqli->error, E_USER_ERROR);
}
$id = 1;
/* Bind our params */
/* BK: variables must be bound in the same order as the params in your SQL.
* Some people prefer PDO because it supports named parameter. */
$stmt->bind_param('si', $content, $page, $name, $page);
/* Set our params */
/* BK: No need to use escaping when using parameters, in fact, you must not,
* because you'll get literal '\' characters in your content. */
$content = $_POST['content'] ?: '';
$page = $_POST['content'] ?: '';
$name = $_POST['content'] ?: '';
/* Execute the prepared Statement */
$status = $stmt->execute();
/* BK: always check whether the execute() succeeded */
if ($status === false) {
trigger_error($stmt->error, E_USER_ERROR);
}
printf("%d Row inserted.\n", $stmt->affected_rows);
