Convert MySQL PHP Code to include MySQLi Prepared Statements
£10-20 GBP
In Progress
Posted over 8 years ago
£10-20 GBP
Paid on delivery
ONLY BID IF YOU CAN START AND COMPLETE IMMEDIATELY!
Simple Task - Convert this short piece of code to include prepared statements for efficiency and security. I'm aware it's poorly designed thats what I need you to fix. Plenty more work for best cost and quality work,
$mysqli = new mysqli($servername, $username, $password, $dbname);
/* check connection */
if ($mysqli->connect_errno) {
printf("Connect failed: %s\n", $mysqli->connect_error);
exit();
}
if ($_GET['sort'] == 'date') { $sort_query = 'outbounddeparture ASC';}
else {$sort_query = 'priceperadult ASC';}
$form_airport = $_GET['form_airport'];
$form_lessthan = $_GET['less-than'];
$from_month = $_GET['month'];
$date = $from_month;
$startdate = date("m", strtotime ( $date ) );
$enddate = date("m", strtotime ( '+1 month' , strtotime ( $date ) ));
$destination = $_GET['form_destination'];
if ($from_airport == 'LON') {$airport_query = " AND outbounddepartureairport IN ('LHR','LGW','STN','LTN','SEN')";}
else{$airport_query = "AND outbounddepartureairport = '{$form_airport}'";}
$query = "SELECT MIN(priceperadult), hotelname, priceperadult, duration, outbounddepartureairport, deeplinkurl, hotelidentifiercode, outbounddeparture
FROM search_results
WHERE priceperadult < '{$form_lessthan}'
".$airport_query."
AND outbounddeparture >= '2016-{$startdate}-01'
AND outbounddeparture < '2016-{$enddate}-01'
AND outbounddeparture < '2016-{$enddate}-01'
AND holidayresort = '{$destination}'
GROUP BY hotelname
ORDER BY {$sort_query}
";
$result = $mysqli->query($query);
while ($row = $result->fetch_assoc()) :?>
...........
Hello!
With 98% to 99% completion rate, 850+ successfully completed projects, and a 5.00 reputation (maximum possible, 5.0) (Yes, not even 4.99 average rating, can be verified on my profile page https://www.freelancer.com/u/rajeshsonisl.html !!)... you can never go wrong choosing me :)
I am available to get started on your project right away. I look forward to your reply.
Thanks.
Kind Regards,
Rajesh Soni
I read your project description and that make sense , at there you described issue very well. I know all stuff good that you want for this job, PHP, javascript, mysql, html, etc very well. I can manage this job very well for you. Thank
Hello, i have checked your project and would like to have your project. I am confident to fulfill your requirements in timely manner, along with quality work. Please check your pmb.
Dear Sir
I am ready to convert this short piece of code to include prepared statements for efficiency and security right away.
Please discuss details in chat.
Waiting for your early reply.
Thanks
Hi Sir,
I already worked with PHP and MySQL for various projects.
I can do it today. I will use PDO PHP tutorial to create prepared statement to make neater query.
Once approved I will start.
Thanks
As requested, I can start on this immediately and have it delivered as soon as it is completed.
Conversion of this to prepared statements would require testing, so if possible, can you send me the schema of your database and a bit of information to populate the table in order to properly test my statements without affecting your current database?
This will take no longer than 2 hours.