// Figure out the total number of results in DB:
$total_results = mysql_query("SELECT COUNT(*) FROM gallery_photos WHERE category_name='" . addslashes($cname) . "'");
if (!$total_results) {
die('Could not query:' . mysql_error());
}
$total_results = mysql_result($total_results, 0);
When I do that I am getting an error…
Fatal error: Call to undefined method mysqli::fetch_row() in C:\\wamp\\www\\viewgallery.php on line 184
http://php.net/manual/en/mysqli-result.fetch-array.php
The first example in the comments is looping through the results. This is probably what you want to do.
The Error message tells you that you’re trying to call the method fetch_row(), but this method doesn’t exists for mysqli. That’s why there’s an error message. Try fetch_array() instead (look at the example I just posted).
Dormilich, had no idea about pseudo codes. Sorry I am just learning all these concepts. User error or not, I could not get fetch_row to work. Yes MySQLi_result object was correct.
For pseudo-code, it’s a way to write your program with a ‘fake’ (and usually easier to write) code that you understand. That way, you can easily structure your functions, etc without having to write actual code. Then, you can base your real code on this pseudo-code. That’s something we learn in school in CS.
Actually. Preparing your queries doesn’t just prevent you from SQL injections if you don’t have any parameters, but it’s also good practice. You’re still giving an 80% chance of your code a safety risk if you don’t use prepares.
When you use prepare statements, you are separating the SQL stuff and the HTML stuff without manually escaping every single little $_POST, $_GET, $_DELETE, .etc.
If you find that preparing your queries is such a hassle, that’s fine by me. Just don’t use it then. It’s not my application that’s being spammed and hacked by 60 gazillion bots/ hackers.
There are so many people on every forum telling everyone to prepare your queries. Either use PDO, which is recommended and still requires prepares, but I don’t find PDO suitable for most applications. Or else prepare your statements in MySQLi. Even PDO has a regular query. All of these programming languages DOES NOT have a default query command so you’re basically choosing either prepare or query and risking your applications for SQL injections.