Return to Answer

added 462 characters in body

Source Link

edited Aug 4, 2019 at 22:50

8.8k
1
17
31

I recommend writing session_start(); first and unconditionally.
!empty() performs two checks: if the variable isset() AND contains a non-falsey value. This means $obj != null is not necessary. That said, your while() loop will halt if $obj is falsey.
There's nothing wrong with using prepared statements, but for the record your first query will be just as stable/secure without it.
I noticed mysqli_close($db);. You should keep all of your query syntax object-oriented.
Rather than declaring new variables to feed to $stmt->bind_param() (single-use variables), just write the original variables as parameters. There isn't much benefit in adding more variables to global scope.

It looks like all roads lead to:
```
  header("Location: ../");
```

If this is true for you actual project script, write a single if block, then whether its contents are executed or not, after the condition block execute your redirect.

I recommend writing session_start(); first and unconditionally.
!empty() performs two checks: if the variable isset() AND contains a non-falsey value. This means $obj != null is not necessary. That said, your while() loop will halt if $obj is falsey.
There's nothing wrong with using prepared statements, but for the record your first query will be just as stable/secure without it.
I noticed mysqli_close($db);. You should keep all of your query syntax object-oriented.

I recommend writing session_start(); first and unconditionally.
!empty() performs two checks: if the variable isset() AND contains a non-falsey value. This means $obj != null is not necessary. That said, your while() loop will halt if $obj is falsey.
There's nothing wrong with using prepared statements, but for the record your first query will be just as stable/secure without it.
I noticed mysqli_close($db);. You should keep all of your query syntax object-oriented.
Rather than declaring new variables to feed to $stmt->bind_param() (single-use variables), just write the original variables as parameters. There isn't much benefit in adding more variables to global scope.

It looks like all roads lead to:
```
  header("Location: ../");
```

If this is true for you actual project script, write a single if block, then whether its contents are executed or not, after the condition block execute your redirect.

Source Link

answered Aug 3, 2019 at 6:13

mickmackusa

8.8k
1
17
31

I recommend writing session_start(); first and unconditionally.
!empty() performs two checks: if the variable isset() AND contains a non-falsey value. This means $obj != null is not necessary. That said, your while() loop will halt if $obj is falsey.
There's nothing wrong with using prepared statements, but for the record your first query will be just as stable/secure without it.
I noticed mysqli_close($db);. You should keep all of your query syntax object-oriented.