<?php
require('db.php');
$_SESSION['sloggedIn']="yes";
$data1['first_name'] = $_SESSION['sfirstname'];
$data1['email'] = $_SESSION['semail'];
$sqlQuery = "SELECT first_name, email FROM otium where id = :id";
file_put_contents('log/DBErrors.txt', 'Connection: '.'rivi8'.$sqlQuery."\n", FILE_APPEND);
$kysely1 = $DBH->prepare($sqlQuery);
$kysely1->execute($data1);
// Loop the recordset $rs
// Each row will be made into an array ($row) using mysqli_fetch_array
//while($row = mysqli_fetch_array($rs)) {
// Write the value of the column FirstName (which is now in the array $row)
echo $sqlQuery['first_name'] . "<br />";
echo $sqlQuery['email'] . "<br />";
//}
?>
First time doing this php and i would like to print out user's logged in data, i have this code but is not working! please help
$sqlQuery is just string variable containing query, you can't expect it to be a array.
I guess you already got firstName and email from session then there is no need of executing sql query, just printing the session will make your job done.
echo $_SESSION['first_name'] . "<br />";
echo $_SESSION['email'] . "<br />";
Related
I was using the fetch_object function to retrieve rows from my table when it stopped working after I tried retrieving the avatar column.
include "db_conx.php";
$sql = ('SELECT uid,username,avatar,country FROM users ORDER BY uid DESC LIMIT 10');
$result = mysqli_query($db_conx, $sql);
while($var = $result->fetch_object()->avatar){
echo $var; echo "<br />";
}
Instead of returning the avatar, it returns blank instead. I thought it would at least display the directories I had for the avatars, so I'm quite perplexed. All the other columns I selected work fine though.
Try some thing like this
while($obj = $result->fetch_object()){
$var = $obj->avatar;
echo $var; echo "<br />";
}
You need to do in below ways:-
while($var = $result->fetch_object()){ // check change
echo $var->avatar; echo "<br />"; // check change
}
Or
while($obj = $result->fetch_assoc()){ // use assoc
echo $var['avatar']; echo "<br />";
}
I am trying to get my session variable username to work with my database by displaying user data from database according to username on the session.
But, my script does not work. What should I do here?
<?php session_start(); ?>
<?php include "includes/connection.php"; ?>
<?php
$query = mysql_query("SELECT id, username, password, email, name, aim, admin, time, phone, address
FROM users
WHERE username = $_SESSION['myusername']");
while($row = mysql_fetch_object($query) )
{
echo "$row->Id<br />";
echo "Username: . $row['id']";<br />"
//echo "$row->Password<br />";
//echo "$row->Email<br />";
//echo "$row->Name<br />";
//echo "$row->Aim<br />";
//echo "$row->Admin?<br />";
//echo "$row->Time<br />";
//echo "$row->Phone<br />";
//echo "$row->Address<br />";
}
?>
Instead of working, the script displays the below on the screen:
Please see on:
http://www3.londonmet.ac.uk:8008/~iia0014/userdetails.php
u have many things are wrong. u are mixing between html and php to use quotes.
and its different between Id and id
u must also escape your variables ,
look at this
$myusername = mysql_real_escape_string($_SESSION['myusername']);
$query = mysql_query("SELECT id, username, password, email, name, aim, admin, time, phone, address
FROM users
WHERE username = '".$myusername."' ");
while($row = mysql_fetch_array($query) )
{
echo $row['id'] ."<br />";
echo "Username:" . $row['username']."<br />" ;
....
.... //continue same method as above by caring the quotes in their places . dont mix them with php
}
?>
i advice you to use PDO or MYSQLI LOOK THIS is deprecated . so better turn to PDO or SQLI
mysql_fetch_object() is similar to mysql_fetch_array(), with one difference - an object is returned, instead of an array. Indirectly, that means that you can only access the data by the field names, and not by their offsets (numbers are illegal property names).
I have a table with about 500,000 rows, and need to query it to retrieve results. Basically the user just inputs a case number, and then I want to execute the following query and display the results using a while loop
if (!empty($_POST["casenum"])) {
$result2 = mysql_query("SELECT Box_Content.case_number, Transfer.number, Transfer.location, Box.number FROM Box_Content, Transfer, Box WHERE Box_Content.box_id = Box.id and Box.transfer_id = Transfer.id and Box_Content.case_number = '".$_POST['casenum']."'");
while ($row = mysql_fetch_array($result2)) {
echo "Case number: ".$casenum." text ";
echo "<br />";
}
} else {
echo "<h4>WARNING!!! Search criteria entered not valid. Please search again.</h4>";
}
What am I doing wrong here?
EDIT:
It works now if only one row is returned, but for two rows, it seems to be trying to print the entire table...
$casenum = $_POST["casenum"];
echo "<br />The case number entered is: $casenum<br />";
if (!empty($_POST["casenum"]))
{
$result2 = mysql_query("SELECT Box_Content.case_number, Transfer.number as transfer_number, Transfer.location as transfer_location, Box.number as box_number FROM Box_Content, Transfer, Box WHERE Box_Content.box_id = Box.id and Box.transfer_id = Transfer.id and Box_Content.case_number = '" . $_POST['casenum'] . "'");
while($row = mysql_fetch_array($result2))
{
print_r ($row);
echo "<br />";
echo "<b>Case number: </b>" . $row['case_number'] ."<br />";
echo "<b>Transfer number: </b>" . $row['transfer_number'] ."<br />";
echo "<b>Transfer location: </b>" . $row['transfer_location'] ."<br />";
echo "<b>Box number: </b>" .$row['box_number'] ."<br />";
}
}
else
{
echo "<h4>WARNING!!! Search criteria entered not valid. Please search again.</h4>";
}
var_dump($_POST);
Try:
while ($row = mysql_fetch_array($result2)) {
echo "Case number: ". $row['Box_Content.case_number'] ." text ";
echo "<br />";
}
$row['case_number'] will output the case_number retrieved for each row in your resultset.
However, you should look into doing one of two things:
Start using best practices.
Start using a non-deprecated SQL library (mysqli, PDO).
This query is susceptible to SQL injection:
"SELECT Box_Content.case_number, Transfer.number, Transfer.location, Box.number
FROM Box_Content, Transfer, Box
WHERE Box_Content.box_id = Box.id and Box.transfer_id = Transfer.id
and Box_Content.case_number = '".$_POST['casenum']."'"
Use mysql_real_escape_string($_POST['casenum']) to patch this.
Reference: http://php.net/manual/en/function.mysql-real-escape-string.php
The mysql_* functions have long been deprecated due to unprepared statement operations. Look into either mysqli or PDO for your project instead.
What am I doing wrong here?
1) $casenum isn't set in your code... (Please tell me it is nothing and you don't have register superglobals turned on?!) You would probably want $row['case_number']
2) But anyway, that's not really what you are doing wrong... Your biggest mistake is using user input without any kind of validation or sanitization...
Imagine if $_POST["casenum"] was equal to...
' or 1=2 union select user,password,email,salt from users
You seem to be using $casenum from nowhere.
Try:
while($row = mysql_fetch_assoc($result2))
echo "Case number: ".$row['number']." text <br />";
When using the mysql_fetch functions assoc will bring back named indexed data, num will bring back numberic indexed data and array will bring back both, so try to use one or the other.
Then when you do $row = mysql_fetch_assoc($result2) your essentially saying for each row of data returned store it as a (in this case associative) array in $row, so you can then access your data via the standard array commands ($row['foo']).
I'm working at this thing that takes information from a MySQL database that comes from a contact form and displays it all to the user. Well, I got that far without issues using:
$result = mysql_query("SELECT * FROM contact");
while($row = mysql_fetch_array($result))
{
echo $row['name'] . "<br/>" . " " . $row['email'] . "";
echo "<br/>";
echo $row['message'];
echo "<br />";
}
Now I would like to add a button next to each item that would single them out, basically taking me to a page where only the selected row shows up, not all of them, as happens on this page.
The thing is that i don't know how to do that. So, does anyone have any ideas?
Thanks!
Add a button that refreshes the page with a "GET" parameter, such as yourpage.php?uid=123; Then do
if ($_GET['uid'] !== null) {
$id = (int) $_GET['uid'];
$result = mysql_query('SELECT * FROM contact WHERE id='.$id);
...
}
There's a form called discussion.php, in which a user will fill out his/her question/discussion and post it to savedisc.php. Some of the savedisc.php looks like this:
$message = $_POST['message'];
$title = $_POST['title'];
$represents = $_POST['represents'];
//connect to database
//save the content of discussion/question into the database for future use
$sql="INSERT INTO Discussion (Message, Title, Type)
VALUES
('$message','$title','$represents')";
//Display user's question/discussion again
echo $message . "<br />";
echo $title . "<br />";
echo $represents . "<br />";
It is not shown above, but I am saving the id field manually, i.e. via phpmyadmin as a auto increment and primary key of course. Therefore, all of the values in the table Discussion will have their own unique id. Once the question/discussion is saved, I want to be able to display $title of each question on wb.php as a link, which as of now looks like this(some code from wb.php):
$result = mysql_query("SELECT * FROM Discussion ORDER BY id DESC");
//When user clicks the question/discussion Title, he/she will be directed to wbcomm.php
while($row = mysql_fetch_array($result))
{
echo "<a href='wbcomm.php' >{$row['Title']}</a><br />";
}
Until here, everything is working smooth. However, from here on, what I'm trying to do is, when the user clicks the question/discussion title via above code, I want him/her to be directed to wbcomm.php?id=1, where id=1 represents the unique id of the question/discussion. Some of the code from wbcomm.php is below:
if (isset($_GET['id']))
{
//connect to db
$wbid = mysql_real_escape_string($_GET['id']);
$sql = "SELECT * FROM Discussion WHERE id = '$wbid' LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows() > 0) {
$discussion = mysql_fetch_object($res);
//display member's question here:
echo $discussion['id'] . "<br />";
echo $discussion['Title'] . "<br />";
echo $discussion['Type'] . "<br />";
echo $discussion['Message'] . "<br />";
}
else {
// discussion does not exist with ID
}
}
However, for some reason, the result is blank. I.e. the question/discussion doesn't even show up. What am I doing wrong? Is my procedure even correct?
Thank you.
In your wb.php, you create a link to wbcomm.php but you are not passing the ID of the discussion, so your $wbid will be empty. You need to pass the ID along with the link, like this:
while($row = mysql_fetch_array($result))
{
echo "<a href='wbcomm.php?id={$row['id']}' >{$row['Title']}</a><br />";
}
Your ID column is an autoincrement int type so you do not need to put it in quotes or escape it. You should definitely test it to see if it's numeric, though.
Use this SQL mysql_num_rows($res) > 0