heyya all, well pdo is kinda new to me and i sure got no idea how to get this bit of code converted into pdo, if one of you could help me out in this would really be a great help
here is my code
$unique_ref_length = 8;
$unique_ref_found = false;
$possible_chars = "23456789BCDFGHJKMNPQRSTVWXYZ";
while (!$unique_ref_found) {
$unique_ref = "";
$i = 0;
while ($i < $unique_ref_length) {
$char = substr($possible_chars, mt_rand(0, strlen($possible_chars)-1), 1);
$unique_ref .= $char;
$i++;
}
$query = "SELECT * FROM table WHERE ref ='".$unique_ref."'";
$result = mysql_query($query) or die(mysql_error().' '.$query);
if (mysql_num_rows($result)==0) {
$unique_ref_found = true;
}
}
$ref = $unique_ref;
its fixed nevermind and thanks
$qry = "SELECT * FROM table WHERE token ='".$unique_ref."'";
$stm = $db->prepare($qry);
$stm->execute();
if ( $row = $stm->rowCount()==0) {
$unique_ref_found = true;
}
Related
In my code am trying to verify if query is true before outputing result i have tried:
require("init.php");
if(empty($_GET["book"]) && empty($_GET["url"])) {
$_SESSION["msg"] = 'Request not valid';
header("location:obinnaa.php");
}
if(isset($_GET["book"]) && isset($_GET["url"])) {
$book = $_GET['book'];
$url = $_GET['url'];
$drs = urldecode("$url");
$txt = encrypt_decrypt('decrypt', $book);
if(!preg_match('/(proc)/i', $url)) {
$_SESSION["msg"] = 'ticket printer has faild';
header("location:obinnaa.php");
exit();
} else {
$ql = mysqli_query($conn, "select * from books where book='$txt' AND used='loading'");
$count = mysqli_num_rows($sql);
if($count < 1) {
$_SESSION["msg"] = 'Transation has oready been made by a customer please check and try again';
header("location:obinnaa.php");
exit();
}
while($riow = mysqli_fetch_assoc($ql)) {
$id = $riow["id"];
$tqty = $riow["quantity"];
for($b = 0; $b < $tqty; $b++) {
$run = rand_string(5);
$dua .= $run;
}
}
$sql = mysqli_query($conn, "select * from books where book='$txt' AND used='loading'");
$split = $dua;
$show_plit = str_split($split, 5);
$b = 0;
while($row = mysqli_fetch_assoc($sql)) {
$id = $row["id"];
$qty = $row["quantity"];
$oldB = $b;
$am = " ";
for(; $b < $oldB + $qty; $b++) {
$am .= "$show_plit[$b]";
$lek = mysqli_query($conn, "UPDATE books SET ticket='$am' WHERE id=$id");
}
if($lek) {
$adr = urlencode($adr = "http://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
$ty = encrypt_decrypt("encrypt", $txt);
$vars = array(
"book" => $ty,
"url" => $adr
);
$querystring = http_build_query($vars);
$adr = "viewbuy.php?" . $querystring;
header("location: $adr");
} else {
$_SESSION["msg"] = 'Transation failed unknow error';
header("location:obinnaa.php");
}
}
}
}
but i get to
$_SESSION["msg"]='Transation has oready been made by a customer please check and try again
even when the query is right what are mine doing wrong.
Check your return variable name from the query. You have $ql when it should be $sql.
$sql = mysqli_query($conn, "select * from books where book='$txt' AND used='loading'");
$count = mysqli_num_rows($sql);
A good IDE would flag this. NetBeans is a good free one.
Public Service Announcement:
NEVER build SQL queries straight from a URL parameter. Always sanitize your inputs and (better yet) use parameterized queries for your SQL calls. You can Google these topics for more info.
I have this function :
public function RemplirTab($nomCol)
{
$username = $this->getDb()->getUsername();
$sql = "SELECT DISTINCT $nomCol
FROM nautilus_users_page, nautilus_users_acces, nautilus_users_droit, nautilus_users_privilege, nautilus_users_menu
WHERE nautilus_users_page.id_page = nautilus_users_acces.id_page
AND nautilus_users_acces.id_droit = nautilus_users_droit.id_droit
AND nautilus_users_droit.id_droit = nautilus_users_privilege.id_droit
AND nautilus_users_page.id_menu = nautilus_users_menu.id_menu
AND login='$username'";
$row = $this->getDb()->fetchAssoc($sql, array($nomCol, $username));
$i = -1;
$Tab = array();
while($result = $row)
{
$i = $i+1;
$Tab[$i] = $result[$nomCol];
}
return $Tab;
}
Which shows me an error:
I use Silex with Doctrine DBAL.
This function was mysqli with this form:
function RemplirTab($nomCol, $login)
{
$sql = "SELECT DISTINCT $nomCol
FROM nautilus_users_page, nautilus_users_acces, nautilus_users_droit, nautilus_users_privilege, nautilus_users_menu
WHERE nautilus_users_page.id_page = nautilus_users_acces.id_page
AND nautilus_users_acces.id_droit = nautilus_users_droit.id_droit
AND nautilus_users_droit.id_droit = nautilus_users_privilege.id_droit
AND nautilus_users_page.id_menu = nautilus_users_menu.id_menu
AND login='$login'";
$link = connectdb('nautilus_users');
$req = execquery($link, utf8_decode($sql));
$i = -1;
while($row = $req->fetch_assoc())
{
$i = $i+1;
$Tab[$i] = $row[$nomCol];
}
return $Tab;
}
I am getting Fatal error: Cannot pass parameter 3 by reference in line# 4
please suggest me solution I want the binding part dynamic.
$values = array($username,$password);
$query = "select * from users where email_id = ? and password = ?"
$this->con = new mysqli('localhost', 'username', 'password','dbname');
$stmt = $this->con->prepare($query);
$count = 0;
for ($i = 0; $i < count($values); $i++) {
$stmt->bind_param(++$count,$values[$i], PDO::PARAM_STR,12);
}
if ($stmt->execute()) {
while ($row = $this->stmt->fetch()) {
$data[] = $row;
}
return $data;
} else {
return null;
}
use bindValue()
$stmt->bindValue(++$count,$values[$i], PDO::PARAM_STR,12);
I don't understand why my code isn't working. The connection works and everything else however when I try to generate a unique random number and check from the MySQL if the number is there it still prints out a random number but it's not UNIQUE. Could anyone help me thx?
Here's my code:
$num = rand(1,5);
$sel_query = "SELECT * FROM test";
$result2 = $con->query($sel_query);
$i = 1;
for (;$i<2; $i++)
{
while($row = mysqli_fetch_array($result2))
{
if ($row['id'] == $num)
{
$num = rand(1,5);
$i = 0;
}
}
}
This should work:
$is_unique = false;
$num = false;
while (!$is_unique){
$num = rand(1,5);
$sel_query = "SELECT id from test where id = " . $num;
$result2 = $con->query($sel_query) or die($conn->error);
if (!mysqli_fetch_array($result2)){
$is_unique = true;
}
}
echo "Unique number is " . $num;
But if there aren't any more possible unique numbers, it will loop forever.
I know this is a bit old, but I found this question after needing a similar answer. I've taken Jodes's answer and updated it slightly, so that it won't run forever, is a function that returns the number, and accepts a mysqli connection as $mysqli:
function getUniqueNumber($mysqli)
{
$is_unique = false;
$num = false;
$times_run = 0;
while (!$is_unique)
{
if($times_run > 10)
{
echo "Run too many times, dying.";
die();
}
$num = rand(1,5);
$sel_query = "SELECT id from test where id = " . $num;
$result2 = $mysqli->query($sel_query) or die($mysqli->error);
if (!mysqli_fetch_array($result2))
{
$is_unique = true;
}
$times_run++;
}
return $num;
}
I want to store array into mysql db something like this
item_row = nike,adidas,puma
qty_row = 1,3,2
total_row = 100,200,150
foreach
foreach ($_SESSION['order'] as $values) {
$item_name = $values['item-name'];
$item_qty = $values['item-qty'];
$item_price = $values['item-price'];
}
Let me know how to do that?
update
foreach ($_SESSION['order'] as $values) {
$item_name[] = $values['item-name'];
$item_qty[] = $values['item-qty'];
$item_price[] = $values['item-price'];
}
$item_row = implode(",", $item_name);
$qty_row = implode(",", $item_qty);
$total_row = implode(",", $item_price);
item_row = implode(',', $_SESSION['order']['item-name']);
qty_row = implode(',', $_SESSION['order']['item-qty']);
total_row = implode(',', $_SESSION['order']['item-price']);
I'm using a class to manage the connection to the data base and the query execution let me add it to you:
class DbConnection
{
var $ReturnQuery;
function Connect()
{
$connection = mysql_connect("serverName", "user", "password");
$DbSelect = mysql_select_db("databaseName", $connection);
if ($DbSelect)
return true;
else
return false;
}
function Execute($Query)
{
$ExecuteQuery = mysql_query($Query);
$affected = mysql_affected_rows();
if ($affected != -1)
{
if ($affected != 0)
{
if ($ExecuteQuery != 1)
{
while($row=mysql_fetch_assoc($ExecuteQuery))
{
$ResulArray[] = $row;
}
$this->ReturnQuery = $ResulArray;
}
return 1;
}
else
{
$this->ReturnQuery = '';
return 0;
}
}
else
{
$this->ReturnQuery = '';
return -1;
}
}
}
and then you can create instances to execute your query:
require_once('Includes/DbConnection.php');
$this->db = new DbConnection();
$this->db->Connect();
$query = "insert into items (item_name, item_qty, item_price) values ('".$item_name."', '".$item_qty."', '"$item_price"');
$query_safe = mysql_real_escape_string($query);
$this->db->Execute($query_safe);
I hope it helps!!
foreach ($_SESSION['order'] as $values) {
mysql_query('INSERT INTO tablename (name, qty, price) VALUES("'.$values['item-name'].'", "'.$values['item-qty'].'", "'.$values['item-price'].'"');
}