How to assign php variable in select statement where condition [duplicate] - php

This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 3 years ago.
I tried various ways to get the id from the database, but I can't get it. Please help me!
Below is my query :
$username = $_POST['username'];
$query = "SELECT id FROM wp_users WHERE user_login ='".$username."'";
$result=mysqli_query($conn, $query);
if(mysqli_num_rows($result) == 1)
{
while($row = mysqli_fetch_array($result))
{
$id = $row['id'];
}
}
echo $id;
Also I tried this:
$query = "SELECT id FROM wp_users WHERE user_login ='$username'";

You should, at the very least, be using prepared statements in your queries if you're passing them user-supplied data.
use prepared statements ? and bind_param
use bind_result to bind the column to a variable. This variable is now bound by reference which means it will be updated on every iteration of the loop.
it is important to realize that you want to access the $id variable inside the loop as you're iterating over the dataset. If you use it outside/below the loop you are only working with the final row of data because it is being overwritten on every iteration.
turn on error reporting
Finally, I left your loop in place but usually, you'd only have a single user for a given username so you could use mysqli_fetch_assoc - Single Result from Database by using mySQLi
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$username = $_POST['username'];
$query = "SELECT id FROM wp_users WHERE user_login = ?";
$stmt = $conn->prepare($query);
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($id);
while ($stmt->fetch()) {
echo "ID: $id\n";
}
$stmt->close();

Related

Warning: mysqli_query() expects parameter 2 to be string, object given [duplicate]

This question already has answers here:
Warning: mysqli_query() expects parameter 2 to be string, object given in
(2 answers)
Closed 3 years ago.
Can anyone help me with this error:
Warning: mysqli_query() expects parameter 2 to be string, object given .. on line 25.
<?php
session_start();
include('includes/dbcon.php');
$query = mysqli_query($con, "SELECT * FROM reservation WHERE r_date='".$date."'
if (!mysqli_query($con,$query))
{
$query = mysqli_query($con, "SELECT * FROM combo where combo_id=1");
$row=mysqli_fetch_array($query);
$price=$row['combo_price'];
$payable=$pax*$price;
<?php
session_start();
include('includes/dbcon.php');
// you're missing some syntax here..
// also your $query IS your query so it should be $query = "SELECT * FROM ";
$query = mysqli_query($con, "SELECT * FROM reservation WHERE r_date='".$date."'
// you don't need this above line.. it does it all right here...
if (!mysqli_query($con,$query))
{
$query = mysqli_query($con, "SELECT * FROM combo where combo_id=1");
$row=mysqli_fetch_array($query);
$price=$row['combo_price'];
$payable=$pax*$price;
// missing closing brackets. }
Your code has multiple problems: a missing ;, repeated calls to mysqli_query, SQL injection and no error checking.
Instead of checking whether the query was successful with if, enable exceptions at the top of your file. Use prepared statements, preferably in an object-oriented way.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // this line enables exceptions
include 'includes/dbcon.php';
$stmt = $con->prepare('SELECT * FROM reservation WHERE r_date=?'); // ? is a placeholder for binding data
$stmt->bind_param('s', $date); // bind data to SQL statement as a string(s)
$stmt->execute();
$reservations = $stmt->get_result();
// if your SELECT found some record then loop on the result set fetching each row one by one
while ($row = $reservations->fetch_assoc()) {
$combos = $con->query("SELECT * FROM combo where combo_id=1"); // if there is no data to be bound then we can use query
$row = $combos->fetch_assoc(); // fetch the matching combo row
$price = $row['combo_price'];
$payable = $pax * $price;
}
Your variable named query should only be your... query
$result = mysqli_query($con, "SELECT * FROM reservation WHERE r_date='".$date."'");
Also even if you think you will get back a record, function mysqli_fetch_array
will always return an array. So you need to select the first item in the array and then the key or index.
$price = $row[0]['combo_price'];
Some code practices. Don't put everything inside your IF. Because if it fails $payable will be undefined and throw an error. Initialize it on top of your script. Also you need to store the return value of mysqli_query as you need to free the memory used for it.
mysqli_free_result($result);

cannot delete database mysql with php [duplicate]

This question already has answers here:
PHP Mysql delete Query not working properly
(3 answers)
Closed 3 years ago.
I tried to delete user from mysql database with this code
if (isset($_POST['user_delete'])) {
$key = $_POST['keyToDelete'];
$check = "DELETE FROM user WHERE id = ". $key or die(mysqli_error($connection));
$result2 = $connection->query($query);
if($result2->num_rows >0){
$query_delete = "DELETE FROM user WHERE id =". $key or die(mysqli_error($connection));
var_dump($query_delete);
} else {
}
But it doesn't delete from my database. The SQL is already right and I also got the id, because I tried to var_dump it. Please help: what is wrong with my code?
You have a few issues here,
Your or die(mysqli_error($connection)) is applied to the query strings, not the actual queries. Besides, instead of manually checking for errors, it's much better to configure mysqli to throw errors automatically. For this, add the following line to the connection code:
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
You attempt to delete it twice? Though the second query is never executed, you just define the querystring (and never run it).
num_rows is only usable on select-statements. You want affected_rows to check if the query actually deleted any data.
You're not using a prepared statement.
if (isset($_POST['user_delete'])) {
$key = $_POST['keyToDelete'];
$query = "DELETE FROM user WHERE id = ?";
$stmt = $connection->prepare($query);
$stmt->bind_param("s", $key);
$stmt->execute();
if ($stmt->affected_rows) {
echo "Deleted ".$stmt->affected_rows." rows";
} else {
echo "No rows matched the criteria.";
}
$stmt->close();
}

Call to a member function bind_param() on boolean, function prepare() returns false when using placeholders [duplicate]

This question already has answers here:
Can I parameterize the table name in a prepared statement? [duplicate]
(2 answers)
Closed 5 years ago.
I am trying to prepare a statement for SQL (mysqli) in PHP, but I get the error written above. This is the code I wrote:
if (!$this->isUserExist($username, $token)) {return false;}
$tables = array();
$tables[0] = "faculty";
$tables[1] = "department";
$tables[2] = "teacher";
$tables[3] = "announcement";
$ttable = $tables[$table];
var_dump($ttable); // faculty
var_dump($id); // 6
echo "DELETE FROM ".$ttable." WHERE ".$ttable.".id = ".$id.""; //returns DELETE FROM faculty WHERE faculty.id = 6
$stmt = $this->con->prepare("DELETE FROM ? WHERE ?.id = ?"); //Fatal error occurs here
$stmt->bind_param("sss",$ttable,$ttable,$id);
//$stmt->execute();
if ($stmt->num_rows> 0) {
return "true";
} else {
return "false";
}
However, if I insert the exact statement shown in the echo, without any placeholders, I get no errors, and the MySQL database successfully deletes the row.
$stmt = $this->con->prepare("DELETE FROM faculty WHERE faculty.id = 6"); //no errors occur, executing this statement does affect row in MySQL database
The system doesn't allow you to 'prepare' table names. You should do it this way:
$stmt = $this->con->prepare("DELETE FROM ".$ttable." WHERE ".$ttable.".id = ?"); // table name is concatenated, only the id is a placeholder
$stmt->bind_param("s",$id);
please read this http://us3.php.net/manual/en/book.pdo.php#69304
Table and Column names cannot be replaced by parameters in PDO.
Do something like this:
$query = "DELETE FROM ".$ttable." WHERE ".$ttable.".id = ?";
$stmt = $this->con->prepare($query);
$stmt->bind_param("s",$id);
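Because identifiers cannot be bound, the answers above concatenate $ttable into the SQL text; that is only safe when the name is picked from a fixed list, as the question's $tables array does. The following is an added example of that pattern, not code from the posts: it assumes PDO with an in-memory SQLite database in place of the asker's MySQL connection, and deleteRowById() and DELETABLE_TABLES are hypothetical names.

```php
<?php
// Added example: identifiers come from an allow-list, values from placeholders.
// Assumption: in-memory SQLite through PDO stands in for the MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE faculty (id INTEGER PRIMARY KEY, name TEXT)');
// Constructed sample rows.
$db->exec("INSERT INTO faculty (id, name) VALUES (6, 'constructed'), (7, 'constructed')");

// Table names from the question; nothing else may ever reach the SQL text.
const DELETABLE_TABLES = [0 => 'faculty', 1 => 'department', 2 => 'teacher', 3 => 'announcement'];

// Hypothetical helper: maps a request-supplied key to a known table name,
// then binds the id as data. Returns the number of rows deleted.
function deleteRowById(PDO $db, $tableKey, $id): int
{
    // Accept only an integer key that exists in the allow-list.
    $key = filter_var($tableKey, FILTER_VALIDATE_INT);
    if ($key === false || !array_key_exists($key, DELETABLE_TABLES)) {
        throw new InvalidArgumentException('table key is not on the allow-list');
    }
    $table = DELETABLE_TABLES[$key];   // a constant string, never user input

    $stmt = $db->prepare("DELETE FROM $table WHERE $table.id = ?");
    $stmt->execute([$id]);             // the id travels separately from the SQL text
    return $stmt->rowCount();          // rows affected by the DELETE
}

// Constructed inputs: a valid delete, a repeat of it, an unknown key,
// and a raw table name that is not a key at all.
foreach ([[0, '6'], [0, '6'], [9, '7'], ['wp_users', '7']] as [$tableKey, $id]) {
    $label = var_export($tableKey, true);
    try {
        printf("key=%s id=%s: %d row(s) deleted\n", $label, $id, deleteRowById($db, $tableKey, $id));
    } catch (InvalidArgumentException $e) {
        printf("key=%s id=%s: rejected (%s)\n", $label, $id, $e->getMessage());
    }
}
```

With mysqli the same helper would call bind_param() and read $stmt->affected_rows after execute().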

Echo or print a value from sql table using PHP PDO [duplicate]

This question already has answers here:
return one value from database with mysql php pdo
(3 answers)
Closed 6 years ago.
I am trying to echo or print the last value of column usercode using PHP PDO. I tried to do this by using name column and SESSION var which will be the last values as references, but it doesn't work.
$name = $_SESSION['name'];
$query = $db->prepare("SELECT usercode from users where name = $name ");
$query->execute();
$result = $query->setFetchMode(PDO::FETCH_ASSOC);
echo $result;
Here you go:
$name = $_SESSION['name'];
$query = $db->prepare("SELECT usercode from users where name=:name");
$query->bindParam(':name', $name);
$query->execute();
$row = $query->fetch();
echo $row['usercode'];
bindParam is used when you just want to bind a variable reference to a parameter in the query.

mysql data existence code not working [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I am trying to check whether data exists in a MySQL table, but the following script is not working. My code is provided below; please find out where my mistake is.
<?php
//including the database files
include("../inc/settings.php");
$email = $_POST['email'];
$password = $_POST['password'];
$query = mysql_query("SELECT easy123 FROM users WHERE email=$email", $conn);
if (mysql_num_rows($query) != 0)
{
echo "Username already exists";
}
else
{
echo "this username not used";
}
?>
The error I am getting is:
Warning: mysql_query() expects parameter 2 to be resource, object
given in C:\xampp\htdocs\myfiles\Easy123\master\login.php on line 8
Warning: mysql_num_rows() expects parameter 1 to be resource, null
given in C:\xampp\htdocs\myfiles\Easy123\master\login.php on line 10
this username not used
First of all, make sure your database connection is correctly set up. The error you're getting clearly says that your $conn variable isn't a valid resource.
Also, use prepared statements and parameterized queries. Do not use PHP variables within your query string; it's not secure at all. Use PDO or MySQLi instead.
Using PDO:
$stmt = $pdo->prepare('SELECT easy123 FROM users WHERE email = :email');
$stmt->execute(array('email' => $email));
foreach ($stmt as $row) {
// do something with $row
}
Using MySQLi:
$stmt = $dbConnection->prepare('SELECT easy123 FROM users WHERE email = ?');
$stmt->bind_param('s', $email);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
// do something with $row
}
Your $query seems to be wrong. Try this:
$query = mysql_query("SELECT easy123 FROM users WHERE email='$email'", $conn);
Make sure $conn is properly defined as well.
