Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I can't figure out how to display the result of this query in PHP/MySql. I would like to use a prepared statement if possible.
SELECT count( DISTINCT(video_view_ip) ) FROM video_views
to fetch data from sql and print it using php please use this way
first connect to databse
$con = mysqli_connect("localhost","username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysqli_select_db($con,"db_name");
and after connects, retrieve data from table
$sql_fetch_vide_count = "SELECT count( DISTINCT(video_view_ip) ) as video_count FROM video_views ";
$video_result = $con->query($sql_fetch_vide_count);
if (!$video_result) {
die('Could not enter data: ' . mysql_error());
}
//getting the date to array
$row_video = $video_result->fetch_assoc();
//Fetch the count result
$video_count = isset($row_video ['video_count ']) ? $row_video ['video_count '] : 0;
if you fetching all the data from database then use
$array_videos = array();
while ($row_video = $video_result->fetch_assoc()) {
$array_videos [] = $row_video ;
}
you can get all the data into the $array_videos as an array
First, we will need to acquire a connection to the database. For this, we will be using PDO:
<?php
$config = [
'driver' => 'mysql',
'host' => 'localhost', // replace this with the actual mysql host if needed
'port' => 3306, // default mysql port is 3306
'database' => 'my_database', // replace this with the database you are using
'username' => 'admin', // replace this with your username
'password' => 'password', // replace this with your password
];
$connection = new PDO(
vsprintf('%s:Server=%s,%s;Database=%s', [
$config['driver'],
$config['host'],
$config['port'],
$config['database'],
]),
$config['username'],
$config['password']
);
To keep the configuration private, you may store this in a separate file that is read-only. You may then read this configuration with parse_ini_file.
To run the query, and store the results we will have to do the following:
// in this case, we can use fetchColumn to retrieve the count, since it is a single value. However, we will usually want to use fetch() for most cases.
$count = $connection
->query('SELECT count( DISTINCT(video_view_ip) ) FROM video_views')
->fetchColumn();
To display the results, we can simply echo them out:
echo $count;
Check this for example on how to produce your output on php page
EDITED: Added prepared statement prior to OP request
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// prepare and bind
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
// set parameters and execute
$firstname = "John";
$lastname = "Doe";
$email = "john#example.com";
$stmt->execute();
$firstname = "Mary";
$lastname = "Moe";
$email = "mary#example.com";
$stmt->execute();
$firstname = "Julie";
$lastname = "Dooley";
$email = "julie#example.com";
$stmt->execute();
echo "New records created successfully";
$stmt->close();
$conn->close();
?>
Related
This question already has answers here:
How to include a PHP variable inside a MySQL statement
(5 answers)
Closed 2 years ago.
All I want is to get the var1 from the input into my SQL table. It always creates a new ID, so this is working, but it leaves an empty field in row Email. I never worked with SQL before and couldn't find something similar here. I thought the problem could also be in the settings of the table, but couldn't find anything wrong there.
<input name="var1" id="contact-email2" class="contact-input abo-email" type="text" placeholder="Email *" required="required"/>
<form class="newsletter-form" action="newsletter.php" method="POST">
<button class="contact-submit" id="abo-button" type="submit" value="Abonnieren">Absenden
</button>
</form>
<?php
$user = "user";
$password = "password";
$host = "localhost:0000";
$dbase = "base";
$table = "table";
// Connection to DBase
$con = new mysqli($host, $user, $password, $dbase) or die("Can't connect");
$var1 = $_POST['var1'];
$sql = "INSERT INTO table (id, Email) VALUES ('?', '_POST[var1]')";
$result = mysqli_query($con, $sql) or die("Not working");
echo 'You are in!' . '<br>';
mysqli_close($con);
is the id a unique id? that's auto-incremented??
if so you should do something like this
<?php
$user = "user";
$password = "password";
$host = "localhost:0000";
$dbase = "base";
$table = "table";
$mysqli = new mysqli($host,$user,$password,$dbase);
$email = $_POST['var1'];
// you might want to make sure the string is safe this is escaping any special characters
$statment = $mysqli->prepare("INSERT INTO table (Email) VALUES (?)");
$statment->bind_param("s", $email);
if(isset($_POST['var1'])) {
$statment->execute();
}
$mysqli->close();
$statment->close();
Simple answer
There are a few things wrong here; but the simple answer is that:
$sql = "INSERT INTO table (id, Email) VALUES ('?', '_POST[var1]')";
...should be:
$sql = "INSERT INTO {$table} (id, Email) VALUES ('?', '{$var1}')";
...OR assuming id is set to auto-increment etc. etc.
$sql = "INSERT INTO {$table} (Email) VALUES ('{$var1}')";
More involved answer
You should really take the time to use prepared statements with SQL that has user inputs. At the very least you should escape the strings yourself before using them in a query.
mysqli
$user = "user";
$password = "password";
$host = "localhost:0000";
$dbase = "base";
$table = "table";
$mysqli = new mysqli($host, $user, $password, $dbase); // Make connection to DB
if($mysqli->connect_error) {
die("Error: Could not connect to database.");
}
$email = $_POST["var1"]; // User input from form
$sql = "INSERT INTO {$table} (Email) VALUES(?)"; // SQL query using ? as a place holder for our value
$query = $mysqli->prepare($sql); // Prepare the statement
$query->bind_param("s", $email); // Bind $email {s = data type string} to the ? in the SQL
$query->execute(); // Execute the query
PDO
$user = "user";
$password = "password";
$host = "localhost:0000";
$dbase = "base";
$table = "table";
try {
$pdo = new pdo( "mysql:host={$host};dbname={$dbase}", $user, $password); // Make connection to DB
}
catch(PDOexception $e){
die("Error: Could not connect to database.");
}
$email = $_POST["var1"]; // User input from form
$sql = "INSERT INTO {$table} (Email) VALUES(?)"; // SQL query using ? as a place holder for our value
$query = $pdo->prepare($sql); // Prepare the statement
$query->execute([$email]); // Execute the query binding `(array)0=>$email` to place holder in SQL
I have a simple application that needs to store sensitive data in a Wordpress installation.
The data comes from the user via a Form, and up until now, I have been storing the data using $wpdb->insert, however as we get closer to launching this project, I want to make sure that sensitive user information is encrypted, and only decrypted when read.
I have no clue how to make this work using the $wpdb class, so I resorted to using mysqli for this component. So far, I run the $wpdb->insert statement to insert all the normal data, then open a new connection to try and insert the sensitive data.
$id = $wpdb->insert_id;
$servername = 'localhost';
$username = 'root';
$password = 'root';
$db = 'wp_database';
$conn = new mysqli( $servername, $username, $password, $db );
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Fetch Data and store it
$sud = $form['sens_user_data'];
$key = 'mysecretkey';
$tbl = $wpdb->prefix . 'sensitive';
$sql = "UPDATE $tbl SET sens_user_data = AES_ENCRYPT(?, ?) WHERE id = ?";
if ( $stmt = $conn->prepare($sql) ) {
$stmt->bind_param('ssi', $sud, $key, $id);
$stmt->execute();
} else {
$error = $conn->errno . ' ' . $conn->error;
ChromePhp::log($error);
}
$conn->close();
This appears to work correctly, except all the values always encode to a single character, and then decode to NULL
What am I doing wrong?
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I have a problem dear stackoverflowers, could someone please help me out?
This is my code:
<?php
$host = "localhost";
$user = "root";
$pass = "password";
$db = "hotelcalifornia";
$room_Number = ($_POST['Room_Number']);
$room_Category = ($_POST['Room_Category']);
$room_Description = ($_POST['Room_Description']);
$room_Detail = ($_POST['Room_Detail']);
$conn = mysql_connect($host, $user, $pass);
$db = mysql_select_db($db, $conn);
mysql_select_db($db, $conn);
$sql = "INSERT TO room (roomNumber, roomCategory, roomDescription,roomDetail) VALUES ('$room_Number','$room_Category', '$room_Description','$room_Detail')";
mysql_query($sql, $conn);
?>
Can someone tell me why i can't insert this data into my table in the database?
It's not INSERT TO, it's INSERT INTO.Thus you shouldn't use mysql functions, instead use mysqli functions as your code is vulnerable to SQL injection.
$host = "localhost";
$user = "root";
$pass = "password";
$db = "hotelcalifornia";
$conn = new mysqli($host, $user, $pass, $db);
$room_Number = $_POST['Room_Number'];
$room_Category = $_POST['Room_Category'];
$room_Description = $_POST['Room_Description'];
$room_Detail = $_POST['Room_Detail'];
$sql = "INSERT INTO room (roomNumber, roomCategory, roomDescription,roomDetail) VALUES (?,?,?,?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param('iiss', $room_Number, $room_Category, $room_Description, $room_Detail);
if ($stmt->execute()) {
if($stmt->affected_rows > 0){
echo "New record created successfully";
}
} else {
echo "Error: " . $sql . "<br>" . $stmt->error;
}
$stmt->close();
Within the line $stmt->bind_param('iiss', $room_Number, $room_Category, $room_Description, $room_Detail); i corresponds to the integer where s corresponds to string by the order of the variables, which I assume $room_Number and $room_Category are integer values where $room_Description and $room_Detail are string values.
whats the solution for this problem Number of elements in type definition string doesn't match number of bind variables
session_start();
$regValue1 = $_GET['un'];
$regValue2 = $_GET['pass'];
$regValue3 = $_GET['fn'] ;
$regValue4 = $_GET['ln'];
$regValue5 = $_GET['age'] ;
$regValue6 = $_GET['sex'];
$regValue7 = $_GET['em'] ;
echo "hello: ".$regValue3.".";
$servername = "localhost";
username = "root";
$password = "b4sonic";
$dbname = "blog";
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$stmt = $conn->prepare("INSERT INTO register(un,pass,fn,ln,age,sex,email) VALUES (?,?,?,?,?,?,?)");
bind_param("sss",$regValue1,
$regValue2,$regValue3,$regValue4,$regValue5,$regValue6,$regValue7);
$stmt->execute();
echo "New records created successfully";
$stmt->close();
$conn->close();
?>
I have this code in php , i am trying to insert data to mysql but i face this problem Number of elements in type definition string doesn't match number of bind variables
Your type string in your statement doesn't have enough type specifiers in it.
bind_param("sss",$regValue1,$regValue2,$regValue3,$regValue4,$regValue5,$regValue6,$regValue7);
says that you have type "sss" which only corresponds to 3 of the 7 variables you specified. You need to add types for the rest.
From the documentation:
var1
The number of variables and length of string types must match the parameters in the statement.
The commands you are using are for using PDO to connect to an sql database and you are using mysqli. I gave an example using mysqli below that should work. The other option would be to change the connection to PDO type rather than mysqli.
<?php
session_start();
$regValue1 = $_GET['un'];
$regValue2 = $_GET['pass'];
$regValue3 = $_GET['fn'] ;
$regValue4 = $_GET['ln'];
$regValue5 = $_GET['age'] ;
$regValue6 = $_GET['sex'];
$regValue7 = $_GET['em'] ;
echo "hello: ".$regValue3.".";
$servername = "localhost";
$username = "root";
$password = "b4sonic";
$dbname = "blog";
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO register(un,pass,fn,ln,age,sex,email)".
"VALUES (`$regValue1`,`$regValue2`,`$regValue3`,`$regValue4`,`$regValue5`,`$regValue6`,`$regValue7`)";
$conn->query($sql);
echo $conn->affected_rows. " new records created successfully";
$conn->close();
?>
I've been messing about with this code for a few hours now and can't work out why it's not working. It's a profile update php page that is passed through JQuery and all seems to be fine except for it actually updating into the table. Here is the code I'm using:
session_start();
include("db-connect.php");//Contains $con
$get_user_sql = "SELECT * FROM members WHERE username = '$user_username'";
$get_user_res = mysqli_query($con, $get_user_sql);
while($user = mysqli_fetch_array($get_user_res)){
$user_id = $user['id'];
}
$name = mysqli_real_escape_string($con, $_REQUEST["name"]);
$location = mysqli_real_escape_string($con, $_REQUEST["location"]);
$about = mysqli_real_escape_string($con, $_REQUEST["about"]);
$insert_member_sql = "UPDATE profile_members SET id = '$user_id', names = '$name', location = '$location', about = '$about' WHERE id = '$user_id'";
$insert_member_res = mysqli_query($con, $insert_member_sql) or die(mysqli_error($con));
if(mysqli_affected_rows($con)>0){
echo "1";
}else{
echo "0";
}
All I get as the return value is 0, can anybody spot any potential mistakes? Thanks
To begin with, use
require("db-connect.php");
instead of
include("db-connect.php");
And now, consider using prepared statements, your code is vulnerable to sql injections.
Consider using PDO instead of the mysql syntax, in the long run I find it much better to use and it avoids a lot of non-sense-making problems, you can do it like this (You can keep it in the db-connect file if you want, and even make the database conncetion become global):
// Usage: $db = connectToDatabase($dbHost, $dbName, $dbUsername, $dbPassword);
// Pre: $dbHost is the database hostname,
// $dbName is the name of the database itself,
// $dbUsername is the username to access the database,
// $dbPassword is the password for the user of the database.
// Post: $db is an PDO connection to the database, based on the input parameters.
function connectToDatabase($dbHost, $dbName, $dbUsername, $dbPassword)
{
try
{
return new PDO("mysql:host=$dbHost;dbname=$dbName;charset=UTF-8", $dbUsername, $dbPassword);
}
catch(PDOException $PDOexception)
{
exit("<p>An error ocurred: Can't connect to database. </p><p>More preciesly: ". $PDOexception->getMessage(). "</p>");
}
}
And then init the variables:
$host = 'localhost';
$user = 'root';
$databaseName = 'databaseName';
$pass = '';
Now you can access your database via
$db = connectToDatabase($host, $databaseName, $user, $pass);
Now, here's how you can solve your problem (Using prepared statements, avoiding sql injection):
function userId($db, $user_username)
{
$query = "SELECT * FROM members WHERE username = :username;";
$statement = $db->prepare($query); // Prepare the query.
$statement->execute(array(
':username' => $user_username
));
$result = $statement->fetch(PDO::FETCH_ASSOC);
if($result)
{
return $result['user_id'];
}
return false
}
function updateProfile($db, $userId, $name, $location, $about)
{
$query = "UPDATE profile_members SET name = :name, location = :location, about = :about WHERE id = :userId;";
$statement = $db->prepare($query); // Prepare the query.
$result = $statement->execute(array(
':userId' => $userId,
':name' => $name,
':location' => $location,
':about' => $about
));
if($result)
{
return true;
}
return false
}
$userId = userId($db, $user_username); // Consider if it is not false.
$name = $_REQUEST["name"];
$location = $_REQUEST["location"];
$about = $_REQUEST["about"];
$updated = updateProfile($db, $userId, $name, $location, $about);
You should check the queries though, I fixed them a little bit but not 100% sure if they work.
You can easily make another function which inserts into tha database, instead of updating it, or keeping it in the same function; if you find an existance of the entry, then you insert it, otherwise you update it.