2

I am quite new to PHP and not sure if I am executing my code correctly. While it does works as it is, I feel perhaps I am going in a round about way in executing the said queries. It seems the i cannot have more queries without closing the connection first then reopening it. Below is my code and any advice will be very welcome.

        //-----------------MAKE BOOKING-----------------//
        $AddBook = "CALL makeBooking((SELECT CustID FROM customer WHERE UserName = '$UserName'), '$PerfID', '$NumAdults', '$NumChilds', '$ColTicket', now());";
        if (mysqli_query($conn,$AddBook))
        {
            //----------------DEDUCT SEATS--------------//
            $SeatDeduction = "CALL deductSeats($TotalSeats,$PerfID)";
            mysqli_query($conn,$SeatDeduction);
            mysqli_close($conn);
            require ('connect.php'); 
            //-----------------GET BOOK ID--------------//
            $getBookID = "CALL getBookByUserName('$UserName')";
            $result2 = mysqli_query($conn, $getBookID);
            $Output2 = mysqli_fetch_assoc($result2);
            $BookID = $Output2['BookID'];
            mysqli_close($conn);
            require ('connect.php'); 
            $testing = "CALL setBookingPrice($BookID)";
            echo $testing;
            mysqli_query($conn,$testing);
            //---------------BOOKING CONFIRM------------//
            $ShowRef = 'The Booking Is Confirmed<p>Booking Reference Number: ' . $BookID . '<br>';
            $Confirm = $ShowRef;
        }
ababusa
  • 240
  • 2
  • 10
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Nov 05 '15 at 19:09
  • 2
    While you might get an answer or two, please go ahead and try to find a good tutorial. Additionally, you will get moans about SQL injection :-) – Jan Nov 05 '15 at 19:10
  • 1
    That's a good link Jay, helped me quite a lot, thanks man – ababusa Nov 05 '15 at 22:21

0 Answers0