I've found many similar questions regarding this but anything I try won't work.
I'm trying to run a MySQL query using the variable $epost. When I echo this variable it displays correctly, but the query returns nothing. Entering a fixed value for $epost like:
$epost='email#email.com'
Returns the correct query from the database.
$epost=mysqli_real_escape_string($conn,$_POST['email']);
echo $epost;
$sql = "SELECT memberID FROM Member WHERE email = '$epost' limit 1";
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_assoc($result);
echo $row["memberID"];
I am a little confused about how $query works and how I can find a value... Say I have a checkuser.php script. The purpose here is to echo "Correct" if the user already exists. I have the columns (username, password, email). What I want to know is how can I search the column username for value $username? This is what I have currently:
$query = sprintf("SELECT * FROM users WHERE CONCAT(username) LIKE '$u'");
$result = mysql_query($query);
if(mysql_num_rows($result) != 1)
echo "Username Not Found";
Thanks!
This should work. However, I didn't test it:
$query = "SELECT * FROM users WHERE username = '$u'";
$result = mysql_query($query);
if(mysql_num_rows($result) == 0) // zero rows means the username does not exist
echo "Username Not Found";
In your query, you do not need to use the sprintf() function at all. An SQL query is inserted as a regular string.
Furthermore you don't need to use CONCAT() SQL function either.
Then if you want to check against an exact string you can just compare with the = operator instead of using SQL LIKE statement.
I haven't tested it, but this should work:
$q = mysql_query("select username from users where username='$u'");
$count = mysql_num_rows($q); // number of rows with this username
if ($count > 0) { echo "username found"; }
I have a mysqli query given below
$content = mysqli_real_escape_string($link,$_GET['content']);
$query = "SELECT id,siteName,address,latitude,longitude,info,budget,tts,markerType FROM maptable WHERE siteName = '". $content ."'";
$result = mysqli_query($link, $query);
I'm currently confused because I am using this script for my ajax call. When I tried to remove the WHERE clause, the query function works; when I include the WHERE clause looking for the id, it still works; but when I tried to use the WHERE clause on any database fields starting from siteName, address, etc., it fails and returns an empty value. How is that happening? Is there something wrong with my query?
I need to retrieve a string from a query and then use that later on in another SQL query.
This is what I have, I'm retrieving the current branch ID for the currently logged in user:
$neededBranch = mysqli_query($con, "SELECT BranchNumber FROM Staff WHERE staffID = '".$_SESSION['username_login']."'");
And then I need to use said string here like this:
$result = mysqli_query($con, "INSERT INTO SomeTable (
blah,
blah,
)
VALUES ('".$SomeValue."',"
. " '".$_SESSION['username_login']."',"
. " '".$neededBranch."')");
Now, the ". " '".$neededBranch."')");" does not work because it is expecting a string.
My question is: How do I actually get the value I'm needing from the first query and use it in the second query? I'm new at PHP and don't have a clue.
Fetch the data you queried:
$result= mysqli_query($con, $query);//query is the select stmt
$row = mysqli_fetch_assoc($result);
$neededBranch = $row['BranchNumber'];
OK, so I'm trying to access a table called emg_quote. I have the quote ID, so I'm trying to get the column subject from the same row as this ID, but for some reason all I'm getting is the first row in the entire table. Can anyone figure out what I'm doing wrong? Here is my code:
$row['quote_id'] = quoteTitle($row['quote_id']);
function quoteTitle($quoteid){
global $db;
$sql = "SELECT subject FROM emg_quote WHERE ".$quoteid."";
$res = $db->query($sql);
$row = $db->fetch_row();
$output = $row['subject'];
return $output;
}
Are you using a custom object to wrap the native APIs?
Either way it doesn't look right to me. You don't seem to be using the result of the query.
i.e.
$result = $mysqli->query($query);
$row = $result->fetch_row();
You have a few bad practices in your code.
A. You rely on $quoteid to give you the correct WHERE syntax, i.e. ID=123.
This is a highly unsafe method, because the user can change it to Some-Important-Details='bla'
to extract more details from this table or others.
B. You should ALWAYS escape characters when receiving data from the user, otherwise you are easily subjected to SQL injections. And believe me, you don't want that.
You have to put the check after WHERE.
Use your column name before your $quoteid variable:
$row['quote_id'] = quoteTitle($row['quote_id']);
function quoteTitle($quoteid){
global $db;
$sql = "SELECT subject FROM emg_quote WHERE quoteid=".$quoteid." LIMIT 1 ";
$res = $db->query($sql);
$row = $db->fetch_row();
$output = $row['subject'];
return $output;
}
Remember: use LIMIT 1 when you search with the primary key and you know that only 1 record will be searched. It reduces your processing time.
You might be missing the WHERE column.
$sql = "SELECT subject FROM emg_quote WHERE quote_id=".$quoteid."";
                                            ^^^^^^^^
We also do not see whether something with your Db class is wrong.
You should in any case not directly put request variables into a database query.
$sql = "SELECT subject FROM emg_quote WHERE ID='".$quoteid."'";
You had not written your DB field name in the WHERE condition.
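The bug from the question and the fix the answers point toward, shown side by side as an added example (it is not code from any of the posts). It uses PDO with an in-memory SQLite database and constructed rows so that it runs without a MySQL server; the name quoteTitleBroken, the quote_id column name (taken from one answer's guess) and the sample subjects are assumptions. mysqli supports the same pattern through prepare(), bind_param() and execute().

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL server.
// The table contents below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE emg_quote (quote_id INTEGER PRIMARY KEY, subject TEXT)');
$db->exec("INSERT INTO emg_quote (quote_id, subject) VALUES
    (1, 'Roof repair'), (2, 'Kitchen refit'), (3, 'Garden wall')");

// The query from the question: with id 3 the SQL ends in "WHERE 3", a
// condition that is true for every row, so the first row is what comes back.
function quoteTitleBroken(PDO $db, $quoteid): ?string
{
    $sql = "SELECT subject FROM emg_quote WHERE " . $quoteid;
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['subject'];
}

// Corrected: the column is named in the SQL text and the id is bound as a
// parameter, so the value cannot change the structure of the statement.
function quoteTitle(PDO $db, $quoteid): ?string
{
    // Reject anything that is not a positive integer before touching the DB.
    $id = filter_var($quoteid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT subject FROM emg_quote WHERE quote_id = :id LIMIT 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['subject'];
}

var_dump(quoteTitleBroken($db, 3));    // the question's query, called with id 3
var_dump(quoteTitle($db, 3));          // integer id
var_dump(quoteTitle($db, '3'));        // id as a string, the way form input arrives
var_dump(quoteTitle($db, 'quote_id')); // non-integer input is rejected, no query runs
var_dump(quoteTitle($db, 99));         // id that does not exist in the table
```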
I'm trying to pull some information from a database, and the connection is working, but for some reason it isn't recognizing my query, even though I confirmed the query in the database with SQL and had it "generate PHP code". The echo statement is coming up blank. It's a MySQL database. Thanks for your help.
$query = "SELECT `contact` FROM `contactinfo` WHERE member=\'Henry\'";
$contact = mysqli_query($db,$query);
echo $contact;
$contact contains a MySQL result object; you need to fetch data from it to use it in your application.
$query = "SELECT `contact` FROM `contactinfo` WHERE member = 'Henry'";
$contact = mysqli_query($db, $query);
while ($row = mysqli_fetch_row($contact)) {
echo $row[0]; // 0 to n indicates the Column(s) Selected in SELECT Query
}