I feel like this is probably an easy one but just can't see it!
I've built a test where results are saved into a database table. At the moment it's saving a row for every test taken. The test can be taken until it's passed.
At the moment it's outputting every result (as it's looping over every result in the table).
How can I only output $row['testname']; once if the output of $row['pass-fail']; is "Pass"?
<?php $current_user = wp_get_current_user();
$user = $current_user->user_login;
require("database.php");
// Opens a connection to a MySQL server
$con = mysql_connect("localhost", $username, $password);
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("tester", $con);
$sql = mysql_query("SELECT * FROM test WHERE name='$user' ORDER BY Date DESC");
if (!$sql) {
die('Error: ' . mysql_error());
} ?>
<?php while($row = mysql_fetch_array($sql)) { ?>
<p><?php $testname = $row['testname']; echo get_the_title( $testname ); ?> - <?php echo $row['pass-fail']; ?></p>
<?php } ?>
<?php mysql_close($con); ?>
Use a WHERE clause in your query to only select the ones that have pass-fail equal to "Pass". Also, use prepared statements.
$current_user = wp_get_current_user();
$user = $current_user->user_login;
require("database.php");
// Opens a connection to a MySQL server
$conn = new mysqli("localhost", $username, $password, "tester");
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$stmt = mysqli_prepare($conn, "SELECT * FROM `test` WHERE `name`=? AND `pass-fail`='Pass' ORDER BY `Date` DESC");
$stmt->bind_param("s", $user);
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_assoc()) {
$testname_title = get_the_title($row['testname']);
echo "<p>{$testname_title}</p>";
}
$conn->close();
For this to work you must have the mysqlnd driver.
If you don't have this, I suggest PDO (which, IMO, is also easier to use in general) - If you need help learning how to use PDO for safe and secure queries, then you can check out this answer that I wrote that demonstrates a function that I wrote that makes Prepared Statements easy, clean, and secure. Alternatively you can learn more about Prepared Statements for MySQLi
Related
I have a table ("module databas") in a database in MySQL and I need to print out that table (very simple, two rows "Fnamn" and "Enamn" with names in it) on the server by writing a php script and using MySQL. Problem is : it doesn't work. The html part of the document (.php) works perfectly fine (the h1 appears on the screen) but I get nothing else. What could be the problem ?
Tried a few different ways to do it, even by copy/pasting from w3 schools (https://www.w3schools.com/php/php_mysql_select.asp) and changing a few variables, but nothing (had a "0 results" with this W3 one, and now nothing with the new one).
<h1>Script modul</h1>
<?php
$servername = "localhost";
$username = "antony";
$password = "thepassword";
$dbname = "antony";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$query = "SELECT * FROM moduledatabas";
$result = mysqli_query($query);
if (!$result) {
$message = 'Invalid query: ' . mysqli_error() . "\n";
$message .= 'Whole query: ' . $query;
die($message);
}
while ($row = mysqli_fetch_assoc($result)) {
echo $row['Fnamn'];
echo $row['Enamn'];
}
mysqli_free_result($result);
You have not pass $conn in your mysqli_query(),just change your code like below :
$query = "SELECT * FROM moduledatabas";
$result = mysqli_query($conn,$query);
For more info refer mysqli_query
I am having trouble with an SQL query that I have inserted into a piece of PHP code to retrieve some data. The query itself works perfectly within SQL. I am using the following PHP script.
I have the following objectives:
Connect to the existing database. This part works well.
Get data from the column 'Brand' of the table 'Transport' in $sql. This part is not working at this stage. echo ($sql) returns SELECT Brand FROM Transport WHERE Type = 'car'
Could you please let me know if you see the solution to this issue and if the remaining part of the code is correct. This is my f_sqlConnect()
function f_sqlConnect() {
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!link) {
die('Could not connect: '.mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
die('Can not use'.DB_NAME.
': '.mysql_error());
}
}
/*This function cleans up the array to protect against injection attacks */
function f_clean($array) {
return array_map('mysql_real_escape_string', $array);
}
<?php
// Create connection
$link = f_sqlConnect();
// Getting data from the column Brand of the table Transport
$sql = "SELECT Brand FROM Transport WHERE Type = 'car'";
$result = $link->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "Brand: " . $row["Brand"]. "<br>";
}
} else {
echo "0 results";
}
$link->close();
?>
Here is the code, without seeing your f_sqlConnect(); mothod. This method should return connection string for DB in your case. But you can use following code this must work.
<?php
$servername = "Your_db_host";
$username = "your_db_username";
$password = "your_db_password";
$dbname = "your_DB_name";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT Brand FROM Transport WHERE Type = 'car'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "Brand: " . $row["Brand"];
}
} else {
echo "0 results";
}
$conn->close();
?>
NOTE: Object oriented way of mysqli, You can use procedural way too to connect and get data.
I make a random quote app, in which by pressing a button, i can load one random phrase. I created for this a MySQL database, and two php code.
I upload my two code in a web hosting, and the app is running!
But sometime it gives me "null" instead of the phrase. I don't know why.
I'm not very good with this.
What is probably the problem?
This is my index.php
require_once 'db.php';
$query = "SELECT * FROM quotes ORDER BY rand() LIMIT 1";
$result = mysqli_query($con, $query);
while($row = mysqli_fetch_array($result)) {
print(json_encode($row['quote']));
}
And this is my db.php
// Create connection
$con=mysqli_connect("host","user","pass","a6361246_phrases");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
You can use the first three lines in your db.php file like this...
<?php
$host = 'localhost'; $db = 'database-name'; $user = 'database-user'; $pw = 'database-password';
$conn = new PDO('mysql:host='.$host.';dbname='.$db.';charset=utf8', $user, $pw);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
?>
Don't forget to change database-name, database-user & database-password to your specific credentials.
Then using PDO get your phrase like this...
<?php
require_once 'db.php';
try {
$sql = "SELECT * FROM Quotes ORDER BY rand() LIMIT 1";
$query = $conn->prepare($sql);
$query->execute();
$row = $query->fetch(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
die("Could not get the data: " . $e->getMessage());
}
?>
Here i am trying to pass the variable to php select query,but its not working.
couldn't figure out what is the problem.
code:
<?php
$cname = $_GET['c_name'];
include 'config.php';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$sql = 'SELECT * FROM co_details where co_name="$cname"';
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0)
{
while($row = mysqli_fetch_assoc($result))
{
echo "<br>";
echo "Course Details <br>";
echo $row['co_name']."<br>";
echo $row['co_objectives']."<br>";
echo $row['co_outline']."<br>";
echo $row['co_prereq']."<br>";
echo $row['co_fee']."<br>";
echo $row['co_duration']."<br>";
}
mysqli_close($conn);
}
?>
what may be the reason?
Instead of variable $cname if i put the direct value then the query is executing successfully.
Note that single quoted strings like this one you have:
$sql = 'SELECT * FROM co_details where co_name="$cname"';
That variable that you think you have there will not get interpolated. It will only work by using double quoted strings.
$sql = "SELECT * FROM co_details where co_name='$cname'";
And as #Fred has said in the comments, stick with MySQLi including your connection error:
if(! $conn )
{
die('Could not connect: ' . mysql_error()); // mysql API doesn't belong
}
Change it to MySQLi interface:
if ($conn->connect_errno) {
die('Could not connect: ' . $conn->connect_error);
}
And you should have used prepared statements instead as this is prone to SQL injection.
<?php
if(!empty($_GET['c_name'])) {
$cname = $_GET['c_name'];
include 'config.php';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
if ($conn->connect_errno) {
die('Could not connect: ' . $conn->connect_error);
}
$sql = 'SELECT co_name, co_objectives, co_outline, co_prereq, co_fee, co_duration FROM co_details WHERE co_name = ?';
$select = $conn->prepare($sql);
$select->bind_param('s', $cname);
$select->execute();
$select->store_result();
$select->bind_result($co_name, $co_objectives, $co_outline, $co_prereq, $co_fee, $co_duration);
while($select->fetch()) {
echo "<br/>
Course Details: <br/>
$co_name <br/>
$co_objectives <br/>
$co_outline <br/>
$co_prereq <br/>
$co_fee <br/>
$co_duration <hr/>
";
}
}
?>
You can't use $cname directly in the string: try as shown below:
$sql = "SELECT * FROM co_details where co_name='".$cname."'";
Hope, it helps!
You are using single quote don't do like that change the query like this
$sql = "SELECT * FROM co_details where co_name='$cname'";
I'm trying to connect to a database, check a column for whether a value exists or not, then execute a function based on whether or not that value exists.
Here's my code.
$con = mysql_connect('localhost','root','','users');
$sql = "SELECT * FROM allUsers WHERE username = '".mysql_real_escape_string($_POST["username"]) . "'";
$result = mysql_query($sql,$con) or die("Error occurred in [$sql]: " . mysql_error());
$count = mysql_num_rows($result);
if ($count != 0){
echo "Username is already taken";
echo "$count";
mysql_close($con);
}
else{
createUser($_POST["name"],$_POST["username"],$_POST["password"],$_POST["email"]);
}
The thrown error is:
Error occurred in [SELECT * FROM allUsers WHERE username = 'Admin']: No database selected.
I'm almost entirely sure that it comes from the $result line, but haven't a clue as to why.
I feel like this is a simple solution, and I'm just missing something minor.
I'm very new to MySQL (today is my first day, actually), so please keep solutions as simple as possible.
You forgot to call mysql_select_db after connecting:
$con = mysql_connect('localhost','root','');
mysql_select_db('users', $con);
Unlike MySQLi or PDO, mysql_* libraries does not take database as argument on the connection string, however if you were to migrate to either MySQLi or PDO.
MySQLi:
$con = new mysqli('localhost', 'root', '', 'users');
PDO:
$con = new PDO('mysql:host=localhost;dbname=users', 'root', '');
In MySQLi your code would look like this:
<?php
$host = "localhost";
$user = "root";
$pass = "";
$database = "users";
$con = mysqli_connect($host,$user,$pass,$database);
if($con->connect_error)
die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
$stmt = $con->prepare("SELECT * FROM allUsers WHERE username = ? LIMIT 1");
$stmt->bind_param('s',$_POST["username"]);
if (!$stmt->execute())
die('Failed to excute with error ' . $con->error);
$stmt->store_result();
$count = $stmt->num_rows;
$stmt->close();
if ($count > 0)
{
echo "Username is already taken.";
}
else
{
createUser($_POST["name"],$_POST["username"],$_POST["password"],$_POST["email"]);
}
I think your error is quite obvious, you need to specify the database you want.
mysql_select_db("databaseName", $con);
With that taken care of, please, please don't use mysql_ libraries the are vulnerable to SQL injection and will soon be removed.