I am currently trying to prevent SQL injection by using mysqli statements. However, after completing this transition, I am not getting results from my database anymore. I have a form where users can select economic data by narrowing down year intervals, months out of the year, and a location. Here are my current coding issues:

<?php

if (isset($_POST['submitted'])) {

    $gYear = $_POST["year"];
    $gYear2 = $_POST["year2"];
    $gMonth = $_POST["month"];
    $gSelect = $_POST["location"];

    if ($gYear > $gYear2) {
        die('ERROR: Your second year cant be a time period before the first year you selected');
    }
    else {
        $query = $conn->prepare("SELECT $gSelect, Year FROM unemployed WHERE year BETWEEN ? AND ? and month= ?");
        $query->bind_param('sss', $gyear, $gYear2, $gMonth);

        $query->execute(); 

        $result = = $conn->query($query)

        echo"<table>";
        echo "<tr><th>Year</th><th>Time</th><th>$gSelect</th></tr>";

        while ($row = $result->fetch_object()){
            echo "<tr><td>";
            echo $row->Year;
            echo "</td><td>";
            echo $gMonth;
            echo "</td><td>";
            echo $row->$gSelect;
            echo "</td></tr>";
        }

        echo "</table";
    }

} // end of main if statement

?>

It worked before I tried updating my query to prevent injection. I am currently using PHP 5.2.14 to work on this in case you guys were wondering. Am I missing a statement? Can anyone help me figure out what my issue is? Any help would be greatly appreciated.

user2562125

1 Answer

$query->get_result()

seems to be unavailable in your version of PHP. See here for a workaround.

Edit: Correction, thanks to comment

santosh.ankr
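
An added example, not part of the original question or answer: one way to read rows from a mysqli prepared statement with bind_result() and fetch(), which do not depend on get_result(), while restricting the interpolated column name to a fixed list because identifiers cannot be bound as parameters. It assumes $conn is an open mysqli connection and that the years are numeric; the names in $allowedColumns and the helper functions are hypothetical.

```php
<?php
// Added example. Assumes $conn is an open mysqli connection; the column
// names in $allowedColumns are hypothetical. The table and the other
// columns are taken from the question.

// Column names cannot be bound with "?", so accept only known values.
function pick_column($requested, $allowedColumns)
{
    return in_array($requested, $allowedColumns, true) ? $requested : null;
}

// Runs the query and reads rows with bind_result()/fetch().
function fetch_rows($conn, $column, $yearFrom, $yearTo, $month)
{
    $stmt = $conn->prepare(
        "SELECT `$column`, Year FROM unemployed
         WHERE year BETWEEN ? AND ? AND month = ?"
    );
    if ($stmt === false) {
        return false; // prepare failed; $conn->error has the reason
    }
    $stmt->bind_param('iis', $yearFrom, $yearTo, $month); // assumes numeric years
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }
    $stmt->bind_result($value, $year); // one variable per selected column
    $rows = array();
    while ($stmt->fetch()) {
        $rows[] = array('year' => $year, 'value' => $value);
    }
    $stmt->close();
    return $rows;
}

if (isset($_POST['submitted'])) {
    $allowedColumns = array('national', 'state', 'county'); // hypothetical
    $column = pick_column($_POST['location'], $allowedColumns);
    if ($column === null) {
        die('ERROR: unknown location');
    }
    $rows = fetch_rows($conn, $column, (int) $_POST['year'],
                       (int) $_POST['year2'], $_POST['month']);
    if ($rows === false) {
        die('ERROR: query failed');
    }
    foreach ($rows as $row) { // escape values before writing them into HTML
        echo '<tr><td>' . htmlspecialchars((string) $row['year']) . '</td><td>'
           . htmlspecialchars((string) $row['value']) . "</td></tr>\n";
    }
}
```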