Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 5 years ago.
Improve this question
I need get Data form mySql and echo it . but show to me error ! please help me . I am amator . please check my code. (get Data form mySql and echo it - PHP)
my error in $result1=mysqli_query($link,$query1);
my PHP file :
<?php
$post_data=#$_POST['myjson'];
$post_data=json_decode($post_data,true);
$command=$post_data['command'];
$server="localhost";
$user="user";
$pass="pass";
$db="db";
$link=mysqli_connect($server,$user,$pass,$db);
mysqli_set_charset($link,"utf8");
if ($command=="get_contact") {
$id=$post_data['id'];
$query="select * from ad where id=$id";
$result=mysqli_query($link,$query);
$row=mysqli_fetch_assoc($result);
$num=mysqli_num_rows($result);
if ($num == 1) {
$query1="select * from user where id=$row['user_id']";
$result1=mysqli_query($link,$query1);
$row1=mysqli_fetch_assoc($result1);
$num1=mysqli_num_rows($result1);
if ($num1 == 1) {
$specifications=array("mobile"=>$row1["mobile"], "email"=>$row1["email"]);
echo "<b>".json_encode($specifications)."</b>";
} else {
echo "<b>Not Found</b>";
}
} else {
echo "<b>Not Found</b>";
}
exit();
}
?>
If you expect just one result of each query, you can get the same results with just one query instead of the two you have:
$query = "select user.* from user, ad where ad.id=$id and user.id = ad.user_id";
Also, you should use prepared statements to avoid sql injection instead of writing vars inside the sql queries.
Besides that, give more info in the error messages because now you don't know which error is returning.
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 5 years ago.
Improve this question
I am doing a system with php code,But delete function with SQL is not working.I don't know why it happens.
Below is my code:
function deleteEmployee($params)
{
$tid = $_SESSION['tmid'];
$data = array();
//print_R($_POST);die;
$sql = "delete from `cusinfo` WHERE TICKET_ID='".$params["id"]."' AND AGENT_CODE_STAFF_ID IN (SELECT id FROM `users` where tm_groupid = '$tid')";
echo $result = mysqli_query($this->conn, $sql) or die("error to delete employee data");
}
The problem probably is in the line echo $result = mysqli_query($this->conn, $sql) or die("error to delete employee data");
As I said in one comment, replacing the die string with mysqli_error($this->conn) should display an error.
However after some testing I found that assigning a variable in a echo might give strange results, i test echo $test = "hello" or die("test"); and found that neither hello nor test was displayed on the screen, but 1 was displayed, which probably was the boolean true.
A better way to see if the query was executed could be:
//other code that stayed the same
$statement = mysqli_prepare($this->conn, "delete from `cusinfo` WHERE TICKET_ID=? AND AGENT_CODE_STAFF_ID IN (SELECT id FROM `users` where tm_groupid = ?)");
$statement = mysqli_stmt_bind_param($this->conn, $params['id'], $tid); //
$sql = msyqli_stmt_execute($statement); // returns either true or false
if ($sql === true) {
echo "Successfull"; // executing successfull code
}
else {
var_dump(mysqli_stmt_error_list($statement)); // handling error
die;
}
This will handle some sql errors in a way that is expected(they are 'dumped and died').
Using prepared statements the correct way will mean that most sql injections are able to be stopped, and with a DELETE query, you want to make sure that sql injections are stopped.
Note: I am no expert on sql injections
Note 2: I would have used PDO for prepared statements though, it seems to me to be much more logical to work with
echo $result = mysqli_query($this->conn, $sql) or die("error to delete employee data");
In above line you are execution query and echo it. But if it is not executed you are echo your own message. This will prevent you from actual error message. And if the row that you are going to delete from TICKET_ID not exsist you cannot see it, you only see your message "error to delete employee data".
To solve this:
echo mysqli_error($this->conn);
This will give you connection error.
Or:
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if ($result) {
echo "Record deleted successfully";
} else {
echo "Error deleting record: " . $conn->error;
}
Many many function have to handle these errors. stackoverflow question, php manual and this.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
So basically I got this code right here:
<?php
include_once 'dbconfig2.php';
$con = new DB_con();
$table = "users";
if(isset($_GET['profile_id']))
{
$sql=mysql_query("SELECT * FROM users WHERE user_id=".$_GET['profile_id']);
$result=mysql_fetch_array($sql);
}
?>
I am clueless as to how I would make it so if the user_id is not existent in the records, they cannot view their profile but it leads them to another messsage or piece of code.
If the user_id doesn't exist, there won't be any rows in the result. When you try to read a row with mysql_fetch_array(), it returns FALSE. So you can simply test $result:
if (!$result) {
die("Invalid profile ID");
}
Try to use prepared statements using mysqli, in order to avoid sql injection.
By way of example:
$mysqli = new mysqli("localhost", "root", "root", "test");
if ($mysqli->connect_errno) {
echo "connect_error". $mysqli->connect_error;
}
$id = $_GET['profile_id'];
$result = $mysqli->prepare('SELECT name FROM users WHERE user_id = ?');
$result->bind_param("i", $id);
$result->execute();
$result->bind_result($col1);
$result->fetch();
$is_valid_profile = (!$col1) ? 'Invalid profile' : 'Valid profile';
echo $is_valid_profile;
$result->close();
http://php.net/manual/en/mysqli.prepare.php
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
i have the following php:
<?php
$connection=mysqli_connect("host","user","pass","db");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($connection,"SELECT ID FROM tbname");
while($row = mysqli_fetch_array($result))
{
mysqli_query($connection,"UPDATE tbname SET amount= (amount+ 1) WHERE ID='$row[ID]' ");
}
mysqli_close($connection);
echo 'OK'; ?>
I want to 'corelate' the pressing of a button to update the associated row value from the table but when i use this code i get all my values updated. Can anyone help me ?
This assumes that your ajax request is passing an 'id' parameter. Note that this code is open to SQL injection attacks. I am assuming that you know how to properly sanitize your inputs and parameterize your queries to protect yourself. If you don't, Jay's answer includes some good links that you should check.
<?php
if(!empty($_POST["id"]))
{
$id = $_POST["id"];
$connection=mysqli_connect("host","user","pass","db");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
exit;
}
mysqli_query($connection,"UPDATE tbname SET amount= (amount+ 1) WHERE ID = '" . $id . "'");
mysqli_close($connection);
echo 'OK';
}
else
{
echo 'NO ID PASSED';
}
?>
You have to properly identify the variable in the array and concatenate the variable in the query:
mysqli_query($connection,"UPDATE tbname SET amount = amount+ 1 WHERE ID='" . $row['ID']. "' ");
you also do not need the parentheses around the calculation in the SET clause.
Since you're selecting all of the rows in your table and then looping through all of the rows and changing the value, which is not what you want, you have to select with a filter:
SELECT ID FROM tbname WHERE *some condition is met*
Once you do that you'll be able to update a subset of your records as you desire.
Since you're using MySQLi you should learn about prepared statements for MySQLi to guard yourself from potential SQL Injection Attacks.
in addition you should employ error checking, such as or die(mysqli_error()) to your connection and queries. If not you'll have to look in your error logs to fish out any problems that you could have with these.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
require("./connect.php");
$getid = $_GET['id'];
$getusername = mysql_query("SELECT username FROM user WHERE id='$getid'");
$getdesc = mysql_query("SELECT description FROM user WHERE id='$getid'");
echo "$getusername $getdesc";
I am having trouble, it is not echoing the data from those variables. I is returning resource id #10 and #11.
You need to fetch the data first before you can use the mysql_query result...
please see the example in the PHP Documentation
https://php.net/manual/en/function.mysql-fetch-row.php
<?php
$result = mysql_query("SELECT id,email FROM people WHERE id = '42'");
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($result);
echo $row[0]; // 42
echo $row[1]; // the email value
?>
Warning:
This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.
pdo : https://php.net/manual/en/book.pdo.php
mysqli : http://www.php.net//manual/en/book.mysqli.php
You are trying to print out the resource ID of the query you just ran.
To get to the actual results you have to specifically request it.
mysql_fetch_assoc($getusername); //should be used!
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Closed 8 years ago.
Improve this question
I made a new table , everything worked.
CREATE TABLE IF NOT EXISTS logdata (
email varchar(30),
password varchar(20),
username varchar(15),)
Inserted the id auto increment code
,and some data :
INSERT INTO logdata(email,password,username,id) VALUES('test#test.org','testtest1','test',' ')
Everything worked here. When I try to output the data i dont get any results (except "ERROR"). I have no idea why.
<?php
error_reporting(E_ALL);
// here is where I set the connection , everything is working here
if(mysqli_connect_errno()){
echo "Could not connect to the database <br /><br />";
echo mysqli_connect_error();
exit();
}
$dostuff="SELECT * FROM logdata";
$query = mysqli_query($db_conn, $dostuff);
if($query == TRUE) {
echo "Succes!";
}
else{
echo "ERROR ";
echo mysqli_error($db_conn);
}
?>
In order to query something in your database, you have to provide a query to it. Your query variable is an empty string!!
$dostuff="";
It should have some SQL statements, like e.g:
$dostuff="SELECT * FROM logdata";
Or whatever.
UPDATE
I believe that using === to test the result will fail because the mysqli_query returns a mysql_result object, according to the docs:
Returns FALSE on failure. For successful SELECT, SHOW, DESCRIBE or EXPLAIN queries mysqli_query() will return a mysqli_result object. For other successful queries mysqli_query() will return TRUE.
So if its succeful it won't be === TURE for your SELECT statement and it will have no error. Your query is fine, just try this:
if ($query = mysqli_query($db_conn, $dostuff)) {
echo "Success!";
}
else {
echo "ERROR ";
echo mysqli_error($db_conn);
}
It should works.