I am trying to find the corresponding bookId for the bookName received from POST, in a way that avoids errors caused by quotes within the book's name.
I am attempting to bind the param to $stmt as $bookName and storing the result as $stmt, but

echo $stmt;

gives this error:

Recoverable fatal error: Object of class mysqli_stmt could not be converted to string

So I am not sure what I am doing...

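$bookName = trim($_POST['bookName']);
$sql = "SELECT bookId FROM Book WHERE bookName = ?";
if ($stmt = mysqli_prepare($conn, $sql)) {
    // Bind the book name as a string ("s") parameter
    mysqli_stmt_bind_param($stmt, "s", $bookName);
    if (mysqli_stmt_execute($stmt)) {
        // Buffers the result set; $stmt is still a mysqli_stmt object
        mysqli_stmt_store_result($stmt);
    } else {
        header("location: error.php");
        exit; // stop the script after sending the redirect
    }
}
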
I want to save the bookId as $bookId.

The following code does what I needed:

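if ($stmt = mysqli_prepare($conn, $sql)) {
    mysqli_stmt_bind_param($stmt, "s", $bookName);
    if (mysqli_stmt_execute($stmt)) {
        // Turn the executed statement into a result set that can be fetched
        $result = mysqli_stmt_get_result($stmt);
        while ($row = mysqli_fetch_array($result, MYSQLI_NUM)) {
            // Each row holds one column (bookId)
            foreach ($row as $r) {
                $bookId = $r;
            }
        }
    } else {
        header("location: error.php");
        exit; // stop the script after sending the redirect
    }
}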
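
An added example, not part of the original post: the same lookup written as a function that binds the result column to a variable and returns null when no book matches, so the statement object is never used as a value. The helper name findBookId, the connection parameters, and the assumption that bookId is an integer column are illustrative and not taken from the post.

```php
<?php
// Added example; connection details below are placeholders, not values from the post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // make mysqli throw on failure

/**
 * Return the bookId for an exact bookName, or null when no row matches.
 * findBookId is a hypothetical helper name; bookId is assumed to be an integer column.
 */
function findBookId(mysqli $conn, string $bookName): ?int
{
    $stmt = mysqli_prepare($conn, "SELECT bookId FROM Book WHERE bookName = ? LIMIT 1");
    // The name travels as bound data, so quotes in it never reach the SQL parser.
    mysqli_stmt_bind_param($stmt, "s", $bookName);
    mysqli_stmt_execute($stmt);

    // $stmt stays a statement object; the value arrives in the bound variable.
    mysqli_stmt_bind_result($stmt, $bookId);
    $found = mysqli_stmt_fetch($stmt);   // true = row fetched, null = no rows
    mysqli_stmt_close($stmt);

    return $found === true ? (int) $bookId : null;
}

try {
    $conn = mysqli_connect("localhost", "app_user", "app_password", "library"); // placeholders
    $bookId = findBookId($conn, trim($_POST['bookName'] ?? ''));
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());         // keep SQL error details out of the response
    header("Location: error.php");
    exit;                                // nothing may run after the redirect
}

if ($bookId === null) {
    http_response_code(404);
    exit("No book with that name.");
}
echo "bookId: " . $bookId;
```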