0

I'm learning to use prepared statements to get content from the db. This is the code I cobbled together but it's not returning anything.

$question_id = strip_tags(mysqli_real_escape_string($conn, $_GET['id']));    
$sql = "
    SELECT
        *
    FROM
        question_index
    WHERE
        id = ? AND
        remove = '0' AND
        active = '1' AND
        publish_date <= '$current_time'
    LIMIT
        1
";

$stmt = $conn->prepare($sql);
$stmt->bind_param('i', $question_id);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    // Localize 
    foreach($row as $key=>$value) { 
        ${$key} = $value;
    }

    // Current Question
    $current_question = $question;

    // Publish Date
    $current_publish_date = date('F d, Y g:i A', strtotime($publish_date));
}
Joseph Mok
  • 97
  • 2
  • 11
  • 3
    You don't need to escape with prepared statements. Is `$current_time` defined, why not prepare that? Does the query work on your DB? Do you get any errors? – chris85 Jul 01 '16 at 19:20
  • the query works with `mysqli_query()`. I'm not getting any errors, just a blank page. tried removing the escape and preparing `$current_time`, but got same result. And yes, `$current_time` is defined. – Joseph Mok Jul 01 '16 at 19:35
  • 1
    Are you outputting anything on this page? Have you checked the error log? – chris85 Jul 01 '16 at 19:39
  • yes, i'm outputting onto the page. I'm just modifying a pre-existing page that was using mysqli to connect. Found this in my php error log `PHP Fatal error: Call to undefined method mysqli_stmt::get_result() in C:\MAMP\htdocs\post.php on line 49` – Joseph Mok Jul 01 '16 at 19:47
  • 1
    Okay, then per that error take a look at http://stackoverflow.com/questions/8321096/call-to-undefined-method-mysqli-stmtget-result. – chris85 Jul 01 '16 at 19:48
  • icic, thx very much! – Joseph Mok Jul 01 '16 at 19:53

0 Answers0