This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
One of my MySQL columns contains a hyphen. While the query works fine when tested through a mysql browser, it returns the key rather than the value when using using php mysqli_fetch_array($result).
The query I am running looks like this:
if($test_base_name==='isolation-mer') {
$test_name="`".$ds_channel[$i]."_isolation-mer`";
}
else {
$test_name=$ds_channel[$i]."_isolation-mer";
}
$query="select serial_number, $test_name from table_name";
if($result=mysqli_query($dbc,$query)) {
while($row=mysqli_fetch_arrya($result) {
$sid=$row['serial_number'];
$pass_fail=$row[$test_name];
...
The serial number is retrieved successfully. However, the $pass_fail variable always retrieves nothing. The test name is embedded with quotes. Even if I hardwire the key name within all kinds of quotes, it always retrieves the key and not the value.
This is an old version of PHP and I wonder if that is the issue. Perl has no issues with this.
PHP reads the below code as a variable and not as the name of your database column:
$pass_fail=$row[$test_name];
The below code should work:
$pass_fail=$row['$test_name'];
Using ...
select serial_number, 'isolation-noise' from table_name
means that 'isolation-noise' is a literal value which is selected and will return a result set of (e.g.)
1234,'isolation-noise'
1235,'isolation-noise'
whereas...
select serial_number, `isolation-noise` from table_name
using backticks, will return the actual value of the column.
Update:
When doing the assignment - you definitely shouldn't have backticks in the name of the field, so
$test_name=$ds_channel[$i]."_isolation-mer";
$query="select serial_number, `$test_name` from table_name";
if($result=mysqli_query($dbc,$query)) {
while($row=mysqli_fetch_arrya($result) {
$sid=$row['serial_number'];
$pass_fail=$row[$test_name];
So this always puts backticks round column name in the select statement and uses the raw name in fetching the data from the result set.
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 3 years ago.
I am trying to insert different jobs into a database and i want to check if there already is an entry for that job in the table. The idea was to use an SQL Statement that returns either true or false depending on the job existing in the table or not.
The connection is propperly established and i can get the values from a column using a SELECT statement as an array by using a similar syntax.
$sql = "SELECT COUNT(*) FROM job WHERE key = Pilot";
$result= $db->executeQuery($sql);
if($result == true) {
// action 1
}
else{
// action 2
}
the result from the executeQuery($sql) is a boolean but it always returns false, whether the job already exists or not but i was hoping to get true when the job exists.
Your SQL is invalid, key is a reserved word and should be quoted with backticks. Also the parameter you have should be quoted as well:
$sql = "SELECT COUNT(*) FROM job WHERE `key` = 'Pilot'";
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 4 years ago.
I have a value in my MYSQL database, all I want to do is to increase the current value with a new one, this is what I have tried
} elseif ($gametype == "veckanskluring"){
$sql = "UPDATE users SET veckanskluring='veckanskluring'+'$score' WHERE id='$id'";
$retval = mysql_query( $sql, $link );
echo "GAME == $gametype";
}
But for some odd reason, this won't work.
I have searched online and found examples, but they all look, almost exactly the same as my code.
// Sidenote this is not the whole code, obviously.
Everything except the part where I add the new value to the old value works, and if I remove 'veckanskluring'+ it updates without any problems.
I strongly believe something is wrong with this part - 'veckanskluring'+ as the other part works fine.
//NOTE2 score is always 999, just have it set to $score if I want to change it later.
UPDATE -
MY fault, apparently I had put '' around veckanskluring.
$sql = "UPDATE users SET veckanskluring=veckanskluring +'$score' WHERE id='$id'"; <-- Working.
Assuming that $score and $id are number you shoudl not use sigle quote around this vars
and assuming that veckanskluring is column name you must not use single quote aroud column name
"UPDATE users SET veckanskluring= veckanskluring +$score WHERE id=$id";
But the use of php var in sql is deprecated you at risk for sql injection .. take a look at your mysql driver for bindig param
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
Trying to do a school project, essentially need to take the choice of animal from a dropdown menu, and add the ID of that animal to the order table of the database. dropdown is on a seperate page which works fine, and posts result to this page.
the code:
<?php
include_once("connect-db.php");
if(isset($_POST['Submit'])) {
$choice = $_POST['choice'];
$result = mysqli_query($mysqli, "SELECT * FROM animals WHERE AnimalSpecies=$choice");
while($res = mysqli_fetch_array($result))
{
$id = $res['AnimalID'];
}
$query = mysqli_query($mysqli, "INSERT INTO order('AnimalID') VALUES('$id')");
}
The connectdb file is fine, i have used it in another page. additionally, $choice is working fine, i had it echo manually and it shows the right value. I dont get any error message, it just doesnt add anything to the order table.
This question already has answers here:
Can I parameterize the table name in a prepared statement? [duplicate]
(2 answers)
Closed 8 years ago.
I'm trying to prepare the following code:
foreach((array)$problem as $word) { //cycles through each word in the problem, grabs tag name like word, looking through each separate tag table
foreach((array)$tables as $table) { //cycles through list of keyword tables, checks keywords against tables
$query = $mysqli->prepare("SELECT ?.name FROM ? WHERE ?.words LIKE '?'"); //grabs table name where keyword exists
$query->bind_param('ssss',$table,$table,$table,$word);
$query1 = $query->execute();
$resultThree::fetch_assoc($query1);
if(!is_null($resultThree)) { //if keyword exists
array_push($pretag, $resultThree['name']); //push to pretags
}
}
}
It returns saying "Call to a member function bind_param() on a non-object in /home/whatpzcp/public_html/test/search.php on line 25" (the prepared statement line). Apparently this means the MySQL didn't return anything, but this same code worked fine before I was using prepared statements and doesn't anymore, which is what is confusing me.
Go easy on me as this is my first program! Also, do I need to prepare ALL MySQL statements or just ones that deal with user input?
According to the PHP docs, you may not use ? binding variables "for identifiers (such as table or column names), in the select list that names the columns to be returned by a SELECT statement, or to specify both operands of a binary operator such as the = equal sign."
This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 8 years ago.
I'm having trouble figuring out what I'm doing wrong. If i use this set of code I get the result I intend:
$x = $db->prepare('SELECT * FROM table LIMIT 2');
$x->execute();
print_r($x->fetchALL());
When I use this set of code I don't get anything in return:
$a = "table";
$b = "2";
$x = $db->prepare('SELECT * FROM ? LIMIT ?');
$x->execute(array($a,$b));
print_r($x->fetchALL());
Is there something I'm missing? Thanks in advance.
Parameter placeholders can only be used to replace column values; not table names, column names, or other syntax elements (including LIMIT values).
In order to make your query dynamic with respect to things that can't be parameterized, you have to build it yourself, without PDO's help. However, you should still build it so that the values that can be parameterized, are paramerized.