This question already has answers here:
How to change mysql to mysqli?
(12 answers)
Closed 4 years ago.
I am facing an error as I'm about to launch my PHP files to a free web hosting site. The error showing up is given below:
And below is the code for my project.
$sql= "SELECT * FROM user WHERE staff_id='$staff_id' AND password='$password'";
$query = mysql_query($sql) or die("Error: " . mysql_error()); //this is error on line 42
$row = mysql_num_rows($query);
I'm not sure what the errors are as I am self-taught on PHP. hopefully you guys can point out what change i should make. Thanks in advance!
First, as you suggest in the title, use mysqli for security reasons, or even better, PDO.
With mysqli: (updated)
$stmt = $conn->prepare("SELECT COUNT(*) FROM user WHERE staff_id = :staff_id AND password = :password");
$res = $stmt->execute(["staff_id" => $staff_id, "password" => $password);
$row = mysqli_num_rows($res);
With PDO:
$stmt = $conn->prepare("SELECT COUNT(*) FROM user WHERE staff_id = :staff_id AND password = :password");
$res = $stmt->execute(["staff_id" => $staff_id, "password" => $password);
$row = $res->fetchColumn();
$conn being your database link. The PDO version assumes you don't need the rows but just the count. In case someone tells you to, don't use rowCount on SELECT query, that's not reliable.
$sql= "SELECT * FROM user WHERE staff_id='$staff_id' AND password='$password'";
$query = mysql_query($sql) or die("Error: " . mysql_error()); //this is error on line 42
$row = mysql_num_rows($query);
try this one
$sql= "SELECT * FROM user WHERE staff_id='$staff_id' AND password='$password'";
$query = mysqli_query($con, $sql) or die("Error: " . mysqli_error($con)); // $con is the connection to database like // $con = mysqli_connect("localhost","my_user","my_password","my_db");
$row = mysqli_num_rows($query);
Related
This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 5 years ago.
I am trying to fetch MySQL data using below code, but it seems have some mistake. Can anyone help please. Thank you!
<?php
$link = mysqli_connect("localhost", "myusername", "mypassword", "mydb") or die("Error " . mysqli_error($link));
$query = "SELECT * FROM users WHERE id=2";
$res = mysqli_query($link, $query);
$userRow = mysql_fetch_array($res);
echo $userRow["user_firstname"];
?>
Thank you #Mario
<?php
$link = mysqli_connect("localhost", "myusername", "mypassword", "mydb") or die("Error " . mysqli_error($link));
$query = "SELECT * FROM users WHERE id=2";
$res = mysqli_query($link, $query);
$userRow = mysqli_fetch_array($res);
echo $userRow["user_firstname"];
?>
I have looked for an answer for ages now, lots of similar questions but found no solutions yet...
Anyway,
all I am trying to do is get the id of a user from the database using a mysqli_query, the query seems to work when I use it in phpmyadmin but doesn't when I use it as part of a php script.
$username = "bob";
$db = mysqli_connect("localhost", "username", "password", "user_data");
$sql1 = "select id from user_information where username='$username'";
$id = mysqli_query($db, $sql1) or die(mysql_error());
echo $id;
The database connection works fine, I am able to input data through php.
Any suggestions? (Anyone's help is greatly appreciated).
you can't print the result from mysqli_query, it is mysqli_resource and for dumping the error you need to change mysql_error() to mysqli_error()
$username = "bob";
$db = mysqli_connect("localhost", "username", "password", "user_data");
$sql1 = "select id from user_information where username='$username'";
$result = mysqli_query($db, $sql1) or die(mysqli_error());
while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
echo $row['id'].'<br>';
}
My goal is to recieve 2 strings, an IP and UUID, and look in the database. If the UUID is already there, it adds the IP onto a list of IPs in the database. If not, it makes a new row in the database with that UUID and IP. Purpose is tracking user activity (Nothing malicious)
Code:
<?php
$cip = $_POST['ipaddr'];
$cid = $_POST['id'];
$conn = mysqli_connect('localhost', '*****', '*****', '*****');
$query = mysqli_query($conn, "SELECT * FROM sls WHERE asid='".$cid."'");
if(mysqli_num_rows($query) > 0){
$sql = "SELECT asid, ips FROM sls WHERE asid=$cid";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
$row = mysqli_fetch_assoc($result);
$cipdata = $row["ips"];
}
$sql = "UPDATE sls SET ips='$cipdata , $cip' WHERE id=2";
mysqli_query($conn, $sql);
} else {
$sql = "INSERT INTO sls (asid, ips) VALUES ('$cid', '$cip')";
mysqli_query($conn, $sql);
}
?>
Right now, it just adds a new row for every IP, regardless of UUID.
What did I do wrong?
-- Edit: Fixed typo, now it just adds the first IP, but after that does not add any more to the row.
Perhaps there is a small typo on this line:
$query = mysqli_query($con, "SELECT * FROM sls WHERE asid='".$cid."'");
Did you mean $conn, not $con? As in:
$query = mysqli_query($conn, "SELECT * FROM sls WHERE asid='".$cid."'");
Your connection param is $conn so just used this in every query command. some where you are using $con and somewhere $conn.
Check your code.
I am trying to display a record from my database, however the page appears blank and doesn't display the data I am expecting. The code follows below:
<?php
$mysqli = new mysqli(localhost, root, USERPASS, DBNAME);
$query = "SELECT * FROM usertable WHERE userID= '" . $_SESSION["sess_uid"] . "'";
$result = mysqli_query($mysqli, $query);
$row = mysqli_fetch_row($result);
echo $row['userQuestion'];
?>
Any help would be appreciated.
Thanks
<?php
// there need to be strings arguments here
$mysqli = new mysqli('localhost', 'root', USERPASS, DBNAME);
// sql injection friendly query
$query = "SELECT * FROM `usertable`
WHERE `userID`='{$_SESSION["sess_uid"]}' LIMIT 1;";
// do we have a result
if($result = mysqli_query($mysqli, $query)){
// fetch a single row
if($row = mysqli_fetch_row($result)){
// print the record
var_dump($row);
}
}
?>
You need to wrap 'localhost' and 'root' as strings.
mysqli_fetch_row returns a numerical array.
You can print the content of the record using var_dump or use mysqli_fetch_assoc instead.
This question already has answers here:
php/mysql with multiple queries
(3 answers)
Closed 3 years ago.
I've a doubt with mysqli_query..
this is a part of my code:
$con = db_connect();
$sql= "SET foreign_key_checks = 0; DELETE FROM users WHERE username = 'Hola';";
$result = mysqli_query($con, $sql);
return $result;
I can't do the query...
If I try to do a query like this:
$sql= "INSERT INTO categorias(id_categoria,name) VALUES ('15','ssss');";
It works.
What's the problem?? I can't use SET with mysqli_query?
Thanks
You can not execute multiple queries at once using mysqli_query but you might want to use mysqli_multi_query as you can find out in the official documentation:
http://www.php.net/manual/en/mysqli.multi-query.php
Lets start with creating a working php script.
<?php
// replace for you own.
$host ="";
$user = "";
$password = "";
$database = "";
$con= mysqli_connect($host, $user, $password, $database);
if (!$con)
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
else{
// Begin SQL query
$sql = "SELECT * FROM users";
$result = mysqli_query($con,$sql) OR Die('SQL Query not possible!');
var_dump($result);
return $result;
var_dump($result);
// End SQL query
mysqli_close($con);
};
?>
INSERT query:
$sql= "INSERT INTO categorias(name) VALUES ('ssss')";
mysqli_query ($con,$sql) OR Die('SQL Query not possible!');
UPDATE and DELETE query:
$sql= "DELETE FROM users WHERE username = 'Hola';";
$sql.= "UPDATE users SET foreign_key_checks = 0 WHERE username = 'Hola'"; /* I made a guess here*/
mysqli_multi_query ($con,$sql) OR Die('SQL Query not possible!');
Check the SET query. I think something is missing. I have changed it to what I think was your aim.
The connection should be established like this:
$Hostname = "Your host name mostly it is ("localhost")";
$User = "Your Database user name default is (root)"//check this in configuration files
$Password = "Your database password default is ("")"//if you change it put the same other again check in config file
$DBName = "this your dataabse name"//that you use while making database
$con = new mysqli($Hostname, $User , $PasswordP , $DBName);
$sql= "INSERT INTO categorias(id_categoria,name) VALUES ('15','ssss');";
In this query:
put categorias in magic quotes(`) and column names also
For your next query do this:
$sql= "SET foreign_key_checks = 0; DELETE FROM users WHERE username = 'Hola';";
Change to:
$sql= "SET foreign_key_checks = 0; DELETE FROM `users` WHERE `username` = 'Hola'";