include "inc/config.php";
$slot = $_GET['slot'];
$id = $_GET['id'];
$stmt = $link->prepare("UPDATE crany_cranies SET crany_slot?='0' WHERE crany_id=?");
var_dump($stmt);
$stmt->bind_param("ii", $slot, $id);
if ($stmt->execute() == TRUE) {
echo "You dropped item from the pet successfully";
} else {
echo "Error droping apparel: " . mysqli_error($link);
}
mysqli_close($link);
i wanted to drop an item from Requested slot. but i get this error:
Fatal error: Uncaught Error: Call to a member function bind_param() on bool in /home/vol6_8/epizy.com/epiz_23744660/htdocs/dropitem.php:8 Stack trace: #0 {main} thrown in /home/vol6_8/epizy.com/epiz_23744660/htdocs/dropitem.php on line 8
i know it’s belongs to this syntax:
crany_slot?='0'
i want the “?” becomes the requested slot. but that gave me the top error. i use this and works but it’s not safe at SQL injection.
crany_slot".$slot."
How should i put the “?” symbol near to the “crany_slot”.
You may need to use the following code that uses PDO instead of MySQLi Procedural to do it (in this version of the code there aren’t English grammatical errors anymore):
<?php
require "inc/config.php";
$slot = $_GET["slot"];
$id = $_GET["id"];
$sql = "UPDATE crany_cranies SET crany_slot:slot = '0' WHERE crany_id = :id";
if ($stmt = $link->prepare($sql)) {
$stmt->bindParam(":slot", $slot, PDO::PARAM_INT);
$stmt->bindParam(":id", $id, PDO::PARAM_INT);
if($stmt->execute()) {
echo "You've dropped the item from the pet successfully.";
} else {
echo "Error dropping the item from the pet because of a database error.";
}
}
?>
and modify the config.php to connect to the database using PDO.
You can post the code in a pastebin, so me and others can see it. Examples of pastebins are obviously Pastebin.com and 0bin, but 0bin is more secure and encrypted. Then post a direct link for your code stored on a pastebin.