I am getting result with $id='S%', but not with $id = $id.'%' when recieved $id = 's' by post
$id = $_POST['user_data'];
if($_POST['user_data'].lenght<2)
{
$query = "SELECT id, oauth_provider, first_name, last_name, email, phone, STATUS , picture, link, createdFROM users WHERE first_name LIKE ? ORDER BY id DESC " ;
$id = $id.'%';
echo ''.$id;
$stmt = $conn->prepare($query);
$stmt->bind_param('s', $id);
$stmt->execute();
$result = $stmt->get_result();
echo $result->num_rows;
}
ialready recieved $id= s by post also checked it by echo it.
output when id= $id='S%' :
9
output when id= $id=$id.'%' :
0
Your query seems to be wrong, it should be
$query = "SELECT id, oauth_provider, first_name, last_name, email, phone, STATUS , picture, link, created FROM users WHERE first_name LIKE ? ORDER BY id DESC " ;
and here is a workaround
$variable = mysql_real_escape_string($id);
$query = "SELECT id, oauth_provider, first_name, last_name, email, phone, STATUS , picture, link, created FROM users WHERE first_name LIKE '% $variable' ORDER BY id DESC";
Related
I am trying to SELECT data from one table based on the ID and then INSERT the returned data in to another table.
My code is:
<?php
require '../../db-config.php';
if(isset($_POST['course'])) {
$selected_courses = '('. implode(',', $_POST['course']) .')';
$status = 'Live';
$active = 'Y';
$stmt = "SELECT id, coursetitle FROM courses WHERE id IN ". $selected_courses ."
AND status = ?";
$stmt = $conn->prepare($stmt);
$stmt->bind_param('i', $selected_courses);
$stmt->execute();
$stmt->bind_result($id, $coursetitle);
while($stmt->fetch()) {
$stmt = $conn->prepare("INSERT INTO distributor_course_settings
(id, active, coursetitle) VALUES (?, ?, ?)");
$stmt->bind_param("iss", $id, $active, $coursetitle);
$stmt->execute();
}
}
?>
The error I am getting is: PHP Fatal error: Call to a member function
bind_param() on boolean
What is wrong with my code?
you can perform both actions (select and insert) in one query. Something like this:
INSERT INTO distributor_course_settings
(id, distributor, active, coursetitle)
SELECT id, '$distributer', 'Y', coursetitle
FROM courses
WHERE id IN ". $selected_courses ."
AND status = 'Live'
the values in select statement can be anything like string, php variable or a subselet statment like:
INSERT INTO distributor_course_settings
(id, distributor, active, coursetitle)
SELECT id, (select distributer from distributor_course_settings where id = 12), 'Y', coursetitle
FROM courses
WHERE id IN ". $selected_courses ."
AND status = 'Live'
and if its a php variable, you statement could look like this:
$stmt = "INSERT INTO distributor_course_settings
(id, distributor, active, coursetitle)
SELECT id, '".$distributor."', 'Y', coursetitle
FROM courses
WHERE id IN ". $selected_courses ."
AND status = 'Live'"
When a new client is buying a product I want to store the client details in the clients table and also store the appropriate client_ID in the orders table.
orders table:
order_ID product client
============================
1501 bag 1
1502 shoe 2
clients table:
client_ID name
=================
1 Frank
2 John
I found a solution, which is working, but I have the feeling, it is not the smartest solution.
$sql = "INSERT INTO clients(name) VALUES(?)";
$q = $con->prepare($sql);
$q->execute(array($name));
$sql = "INSERT INTO orders(product) VALUES(?)";
$q = $con->prepare($sql);
$q->execute(array($product));
$sql = 'SELECT * FROM clients ORDER BY client_ID DESC LIMIT 0, 1';
foreach ($con->query($sql) as $row) {
$client = $row['client'];
$sql = "UPDATE orders SET client = '$client' WHERE client IS NULL";
$query = $con->prepare($sql);
$query->execute();
}
My question is, is there a better way to do this?
(Remark: client_ID is AUTO_INCREMENT)
Get the last id inserted into the database:
$sql = "INSERT INTO clients(name) VALUES(?)";
$q = $con->prepare($sql);
$q->execute(array($name));
// Assuming you use PDO:
$clientId = $con->lastInsertId();
// For mysqli this would be:
// $clientId = $con->insert_id;
$sql = "INSERT INTO orders(product, client) VALUES(?, ?)";
$q = $con->prepare($sql);
$q->execute(array($product, $clientID));
I have a select that doesn't work.
$person = mysql_query ("Select personID from persons order by personID desc Limit 0,1");
$query_string = 'INSERT INTO topics (topic,
description,
abstract,
personID)
VALUES (?, ?, ?, ?)';
$query = $db->prepare($query_string);
$query->execute(array($_POST['topic'],
$_POST['description'],
$_POST['abstract'],
$person));
I dont understand where is the problem
$person is a mysql result, not any kind of value.
Try this:
list($person) = mysql_fetch_row(mysql_query("select personID from ....."));
Here is the problem...
$person = mysql_query ("Select personID from persons order by personID desc Limit 0,1");
Do this...
$result = mysql_query ("Select personID from persons order by personID desc Limit 0,1");
$row = mysql_fetch_array($result);
$person = $row['personID'];
you are mixing to fetch mysql inside mysqli try this.
$person = $db->prepare("Select personID from persons order by personID desc Limit 0,1");
$person->execute();
$person->store_result();
$person->bind_result( $personID ) ; // to bind the result as variable to use it later
$person->fetch();
$query_string = 'INSERT INTO topics (topic,
description,
abstract,
personID)
VALUES (?, ?, ?, ?)';
$query = $db->prepare($query_string);
$query->execute(array($_POST['topic'],
$_POST['description'],
$_POST['abstract'],
$personID));
$dbh = new PDO('mysql:host='.$server.';dbname='.$db, $user, $pass);
$st=$dbh->prepare('Select personID from persons order by personID desc Limit 0,1');
$st->execute();
$result=$st->fetchAll();
//FOR TEST PURPOSE TO MAKE IT EASY.
echo "<pre>";
print_r($result);
echo "</pre>";
//END TEST
echo $result[0]['personID'];
Try this PDO code to select and use data.PDO is a prefererred way. and also instead of mysql use mysqli.
we are unclear about your concern. it would be better if you copy paste the error message or make us clear by editing you post, saying what actually you want and what you are unable to do. hope my help works!!
I have a set of PDO statements that do not seem to be working. Basically I am trying to update the "waiting" value in 1 table and then select that same row and insert it into another table.
$statement = $db->prepare("UPDATE waiting SET wait = :status WHERE id = :id");
$statement->bindValue(':status', 0);
$statement->bindParam(':id', $id);
$statement->execute();
$statement = $db->prepare("INSERT INTO approved (fname, lname, student_id, email, type) (SELECT fname, lname, student_id, email, type FROM waiting WHERE id = :id)");
$statement->bindParam(':id', $id);
$statement->execute();
I've also tried setting $statement to null before I do the other query but that didn't work either:
$statement = $db->prepare("UPDATE waiting SET wait = :status WHERE id = :id");
$statement->bindValue(':status', 0);
$statement->bindParam(':id', $id);
$statement->execute();
$statement = null;
$statement = $db->prepare("INSERT INTO approved (fname, lname, student_id, email, type) (SELECT fname, lname, student_id, email, type FROM waiting WHERE id = :id)");
$statement->bindParam(':id', $id);
$statement->execute();
Any ideas why this isn't working?
Your insert query is syntactically wrong. Remove the brackets from around the select and it should work:
INSERT INTO approved (fname, lname, student_id, email, type)
SELECT fname, lname, student_id, email, type FROM waiting WHERE id = :id
In my search form I have, value male, value female, and value both. If you select both, I do not wish to have at WHERE the "sex = '$sex'"
Should i do it like this:
if(empty($sex)){ // value empty if you chose "both"
$query = "SELECT firstname, lastname, id, user_name, sex, last_access, bostadsort FROM users WHERE (firstname LIKE '%$firstname%' OR lastname LIKE '%$lastname%')";
}else{
$query = "SELECT firstname, lastname, id, user_name, sex, last_access, bostadsort FROM users WHERE (firstname LIKE '%$firstname%' OR lastname LIKE '%$lastname%') AND sex = '$sex'";
}
Or is there a smart way to write this?
Do never build an SQL string from user input. That's what prepared statements are for. They are secure, perform faster when re-executed and they're easy to use, so use them:
$sql = "
SELECT
firstname, lastname, id, user_name, sex, last_access, bostadsort
FROM
users
WHERE
(firstname LIKE '%'|| ? || '%' OR lastname LIKE '%'|| ? || '%')
AND Sex = CASE ? WHEN 'both' THEN Sex ELSE ? END
";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('ssss', $firstname, $lastname, $sex, $sex);
$result = $stmt->execute();
How about not repeating yourself:
$query = "SELECT firstname, lastname, id, user_name, sex, last_access, bostadsort FROM users WHERE (firstname LIKE '%$firstname%' OR lastname LIKE '%$lastname%')";
if(!empty($sex)){
$query = $query . " AND sex = '$sex'";
}
You could do this:
$sql = "SELECT ...";
if (!empty($gender))
{
$sql .= " AND gender = '$gender'";
}
And make sure to watch for sql injection.