I am trying to return a value from my database based on a user input on my form.
When I run the code using a value it works but when I put in the variable it doesn't. I am sure it is something simple, but I just don't get it?
Here is the code that works:
$sql_beam = mysqli_query($link,"SELECT cost_ft FROM Beams WHERE number = '201'");
while($row = mysqli_fetch_array($sql_beam))
{
echo "<p>" . $row['cost_ft'] . "</p>";
echo "<br>";
}
When I change it to this it doesn't:
$beam_num = $_POST['Beam Number'];
$sql_beam = mysqli_query($link,"SELECT cost_ft FROM Beams WHERE number = '$beam_num'");
while($row = mysqli_fetch_array($sql_beam))
{
echo "<p>" . $row['cost_ft'] . "</p>";
echo "<br>";
}
You should never put any variable directly into a query. Google SQL injection and how to prevent it.
Here is a simple example:
$sql = "SELECT cost_ft FROM Beams WHERE number = ?";
$stmt = $link->prepare($sql);
$stmt->bind_param("s", $beam_num);
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_assoc())
{
echo "<p>" . $row['cost_ft'] . "</p>";
echo "<br>";
}
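An added example (not code from the posts above) comparing the interpolated query from the question with the parameterized form from this answer, using constructed inputs. Assumptions: PDO with an in-memory SQLite table stands in for the MySQL `Beams` table so the script runs without a server, the helper names are hypothetical, and beam numbers are assumed to be short digit strings. The same prepare/bind/execute sequence applies to mysqli.

```php
<?php
// Added example with constructed data; PDO + in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Beams (number TEXT PRIMARY KEY, cost_ft REAL)");
$db->exec("INSERT INTO Beams VALUES ('201', 4.75), ('202', 6.10), ('305', 9.40)");

// PHP rewrites spaces in form field names to underscores, so a field named
// "Beam Number" arrives as $_POST['Beam_Number'], not $_POST['Beam Number'].
function beam_from_post(array $post): ?string
{
    $value = $post['Beam_Number'] ?? null;
    // Assumption for this example: beam numbers are 1 to 6 digits.
    return (is_string($value) && preg_match('/^\d{1,6}$/D', $value)) ? $value : null;
}

// Interpolated form from the question: the input becomes part of the SQL text.
function lookup_interpolated(PDO $db, string $beam_num): array
{
    $sql = "SELECT cost_ft FROM Beams WHERE number = '$beam_num'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Parameterized form from the answer: the input is sent to the database as data only.
function lookup_bound(PDO $db, string $beam_num): array
{
    $stmt = $db->prepare("SELECT cost_ft FROM Beams WHERE number = ?");
    $stmt->execute([$beam_num]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed form submissions: a normal value and one containing quote characters.
$posts = [
    ['Beam_Number' => '201'],
    ['Beam_Number' => "201' OR '1'='1"],
];
foreach ($posts as $post) {
    $raw = $post['Beam_Number'];
    printf("%-16s interpolated=%d row(s)  bound=%d row(s)  validation=%s\n",
        $raw,
        count(lookup_interpolated($db, $raw)),
        count(lookup_bound($db, $raw)),
        beam_from_post($post) === null ? 'rejected' : 'accepted');
}
```

With the second input the interpolated query matches every row in the table, while the bound query treats the whole string as a beam number and matches none.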
Variables in a query work best when enclosed in curly brackets like this:
$beam_num = $_POST['Beam Number'];
$sql_beam = mysqli_query($link,"SELECT cost_ft FROM Beams WHERE number = '{$beam_num}'");
while($row = mysqli_fetch_array($sql_beam))
{
echo "<p>" . $row['cost_ft'] . "</p>";
echo "<br>";
}
That should solve the problem; if it doesn't, then try this:
$sql_beam = mysqli_query($link,"SELECT cost_ft FROM Beams WHERE number = $beam_num");
I had that in one of my codes and it worked.
Change your second line to this:
$sql_beam = mysqli_query($link,"SELECT cost_ft FROM Beams WHERE number = '". $beam_num ."'");
Related
I've been through so many threads for 4+ hours here and abroad and seem to be missing a simple thing.
I'm trying to have several users upload their 'news' to MYSQL.
Yet I want to display only the 'news' with the logged in username (userpost) attached to the row.
$current is the username for who is logged in, which works.
Example A isn't filtering out rows that don't contain the $current user.
Example B isn't providing any output
So I've tried both A:
$result = mysqli_query($con,"SELECT * FROM images_tbl");
//echo $current . "2" . $current;
while($row = mysqli_fetch_array($result)) {
if ($row['userpost'] = '.$current.') {
$num = 0;
$num = $num + 1;
$pic.$num = $row['images_path'];
$h1 = $row['hlone'];
and B:
$result = mysqli_query($con,"SELECT * FROM images_tbl WHERE (userpost = '.$current.')");
echo $current . "2" . $current;
while($row = mysqli_fetch_array($result)) {
echo $row['hlone'] . " " . $row['images_path'];
echo "<img src=\"" .$row['images_path']. "\">";
}
27, images/08-10-2014-1412752801.jpg(images_path), 2014-10-08, Headline(hlone), Headline2, story, testb(userpost)
Any help would be greatly appreciated.
Add where clause to your query
//in situation A
$result = mysqli_query($con,"SELECT * FROM images_tbl where username='".$current."'");
//username is column name for user you might have to change this
while($row = mysqli_fetch_array($result)) {
echo $row['images_path'];
echo $row['hlone'];
}
In situation B try this
$result = mysqli_query($con,"SELECT * FROM images_tbl WHERE userpost = '".$current."'");
echo $current . "2" . $current;
while($row = mysqli_fetch_array($result)) {
echo $row['hlone'] . " " . $row['images_path'];
echo "<img src=\"" .$row['images_path']. "\">";
}
Why are you trying to filter with PHP.
If you want to filter the 'news' that have not been written by the current user, just use a MySQL WHERE clause:
// For Example A
$result = mysqli_query($con, "SELECT * FROM images_tbl WHERE userpost != '{$current}'");
while($row = mysqli_fetch_array($result)) {
$pic = $row['images_path'];
$h1 = $row['hlone'];
}
// For Example B
$result = mysqli_query($con,"SELECT * FROM images_tbl WHERE userpost = '{$current}'");
echo $current . "2" . $current;
while($row = mysqli_fetch_array($result)) {
echo $row['hlone'] . " " . $row['images_path'];
echo "<img src=\"" .$row['images_path']. "\">";
}
It's easy with MySQL's filtering options. You should do more research about MySQL.
I have a query to bring results from my database. It works... until there are more than 2 results that it, then it just repeats some results before adding in new ones.
I know it will be because my query is fairly poor, can anyone advise me?
The idea is
connect to database with photo links
get the default user picture as $profile_main
join the words "photo_" with the default picture number and call it $answer (ex: column 'photo_1' in database)
now check the database again and get the results for $answer and output all information from that database column.
$result = mysqli_query($con,"SELECT * FROM tbl_photos");
while($row = mysqli_fetch_array($result))
{
$profile_main = $row['default'];
$answer = "photo_" . $profile_main;
$result2 = mysqli_query($con,"SELECT $answer FROM tbl_photos");
while($row = mysqli_fetch_array($result2))
{
echo "<img src=\"" . $row[0] . "\">";
}
}
mysql_fetch_row returns numerical indexes instead of column names (so ['default'] just won't work)...
This is how I would do it if I'm understanding you correctly:
$result = mysqli_query($con,"SELECT * FROM tbl_photos");
while($row = mysqli_fetch_assoc($result))
{
$answer = $row['photo_'.$row['default']];
echo "<img src=\"" . $answer . "\">";
}
Anyway, this is assuming default and photo_x are in the same row.
If you want only one result for a photo then you can use LIMIT like this
SELECT $answer FROM tbl_photos LIMIT 1
First, in both loops you set the same $row variable. Use 2 different variable names so that the results don't get mixed up.
Second issue is that you have 2 loops, so it will show all results each time. You need to break in the second loop. Like this:
$result = mysqli_query($con,"SELECT * FROM tbl_photos");
while($row = mysqli_fetch_array($result))
{
$profile_main = $row['default'];
$answer = "photo_" . $profile_main;
$result2 = mysqli_query($con,"SELECT $answer FROM tbl_photos");
while($row2 = mysqli_fetch_array($result2))
{
echo "<img src=\"" . $row2[0] . "\">";
break;
}
}
Or by using only one query, it would be much more efficient:
$result = mysqli_query($con,"SELECT * FROM tbl_photos");
while($row = mysqli_fetch_array($result))
{
$profile_main = $row['default'];
$answer = "photo_" . $profile_main;
echo "<img src=\"" . $row[$answer] . "\">";
}
You only require 1 query.
TRY
$result = mysqli_query($con,"SELECT * FROM tbl_photos");
while($row = mysqli_fetch_array($result))
{
$photo = "photo_" . $row['default'];
echo "<img src=\"" . $photo . "\">";
}
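An added example (not code from the posts above) for the `SELECT $answer FROM tbl_photos` pattern in the question: a column name cannot be bound as a query parameter, so a name computed from data is checked against a fixed list before use. Assumptions: the table layout, sample rows and function names are constructed for illustration, and PDO with in-memory SQLite stands in for the MySQL table.

```php
<?php
// Added example with constructed data; PDO + in-memory SQLite stands in for tbl_photos.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_photos (id INTEGER PRIMARY KEY, "default" TEXT, photo_1 TEXT, photo_2 TEXT)');
$db->exec("INSERT INTO tbl_photos VALUES
    (1, '2', 'a1.jpg', 'a2.jpg'),
    (2, '1', 'b1.jpg', 'b2.jpg'),
    (3, '9', 'c1.jpg', 'c2.jpg')");   // row 3 points at a slot that does not exist

// Column names cannot be bound as parameters, so a name built from data
// is checked against a fixed list before it is used anywhere.
const PHOTO_COLUMNS = ['photo_1', 'photo_2'];   // assumed schema

function default_photo(array $row): ?string
{
    $column = 'photo_' . $row['default'];
    if (!in_array($column, PHOTO_COLUMNS, true)) {
        return null;    // unknown slot: skip it rather than query or index with it
    }
    return $row[$column];
}

function img_tags(PDO $db): array
{
    $tags = [];
    // One query: each row carries both its "default" slot and the photo columns.
    foreach ($db->query('SELECT * FROM tbl_photos ORDER BY id', PDO::FETCH_ASSOC) as $row) {
        $path = default_photo($row);
        if ($path !== null) {
            // Escape the stored path before placing it in an HTML attribute.
            $tags[] = '<img src="' . htmlspecialchars($path, ENT_QUOTES) . '">';
        }
    }
    return $tags;
}

print_r(img_tags($db));
```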
I have used urldecode to receive a member ID from a previous site. The correct ID is being displayed in the URL but I can't fetch information from the database.
members.php:
<?php
$query = "SELECT name, memberID FROM members";
if(!$result = $db->query($query)){
die('There was an error running your query[' . $db->error . ']');
}
while($row = $result->fetch_assoc()){
printf ('<li>' . $row['name'] . '</li>');
}
?>
profiles.php:
<?php
$id = isset($_GET['memberID']);
$query = "SELECT * FROM members WHERE memberID = '".$id."'";
if ($result = $db->query($query)) {
while ($row = $result->fetch_assoc()){
printf("%s (%s)\n", $row["memberID"], $row['name']);
}
}
var_dump($query);
?>
All I get is a blank screen.
I found couple of problems in the code:
members.php
while($row = $result->fetch_assoc()){
printf ('<li>' . $row['name'] . '</li>');
}
Here you are using the printf function, which takes a format string as its 1st argument.
Correct that with echo statement as below:
while($row = $result->fetch_assoc()){
echo '<li>' . $row['name'] . '</li>';
}
profiles.php
$id = isset($_GET['memberID']);
Here you are setting the $id with isset() function return value.
You should instead set the value from GET parameter as below:
if(isset($_GET['memberID'])) $id = $_GET['memberID'];
See now if it's working.
Make sure that you use the correct capitalization of memberId vs. memberID. This is very important.
Do not pass values retrieved from GET/POST through urldecode. They already are.
Please try the following based on your code and let us know the results:
<?php
$id = isset($_GET['memberID']) ? $_GET['memberID'] : 0;
if($id > 0){
$query = "SELECT * FROM members WHERE memberID = '".$id."'";
$result = $db->query($query);
if($result){
echo "Rows found: " . $result->num_rows;
} else {
echo "No rows found";
}
} else {
echo "memberID is 0";
}
?>
Is memberID an int field in the database or a string field? If it is an int field then remove the single quotes in your query on profiles.php.
I just can't figure out why I get the error message, I have tried removing the '' and the ()
I have run the script in phpmyadmin and it says the problem with my syntax is at $result = ("SELECT * FROM 'test_prefixCatagory' ORDER by 'Cat'");
$result = ("SELECT * FROM 'test_prefixCatagory' ORDER by 'Cat'");
while($row = mysql_fetch_array($result))
$sCat = ($row['Cat']);
$sCatID = ($row['CatID']);
{
echo "<table>";
echo "<tr valign='top'><td><b><a href='#".$sCat."'>".$sCat."</a></b><br>";
// column 1 categories
$result2 = ("SELECT * FROM `test_prefixSubCat` WHERE `CatID`=$sCatID");
// sub-cats
while($row2 = mysql_fetch_array($result2))
{
$sSub = ($row2['CatID']);
$sSubID = ($row2['SubID']);
echo "<dd><a href='#'>".$sSub."</a><br>";
}
echo "<br></td></tr>";
echo "</table>";
}
Does anyone have an idea?
Try this :
<?php
$result = mysql_query("SELECT * FROM `test_prefixCatagory` ORDER by `Cat`");
while ($row = mysql_fetch_array($result)) {
$sCat = $row['Cat'];
$sCatID = $row['CatID'];
echo "<table>";
echo "<tr valign='top'><td><b><a href='#" . $sCat . "'>" . $sCat . "</a></b><br>";
// column 1 categories
$result2 = mysql_query("SELECT * FROM `test_prefixSubCat` WHERE `CatID`='".$sCatID. "'");
// sub-cats
while ($row2 = mysql_fetch_array($result2)) {
$sSub = $row2['CatID'];
$sSubID = $row2['SubID'];
echo "<dd><a href='#'>" . $sSub . "</a><br>";
}
echo "<br></td></tr>";
echo "</table>";
}
?>
$result = ("SELECT * FROM `test_prefixCatagory` ORDER by `Cat`");
Not only do you need to add mysql_query but you also need to remove the single quotes from the table name and field name. You can use backticks if you wish but not single quotes around table names.
$result = mysql_query("SELECT * FROM `test_prefixCatagory` ORDER by `Cat`");
// other query:
$result2 = mysql_query("SELECT * FROM `test_prefixSubCat` WHERE `CatID`=$sCatID");
When debugging MySQL problems, use mysql_error() to see a description of the problem.