I am fairly new to PHP.
What I want is not much. I just want to place a check on my page which goes to database and check for value 1 or 0. 1 means "enable" so page continues ; and 0 means "disable" and page dies.
someone suggested the following but it didn't work
$sql = mysql_query("SELECT * FROM members WHERE access= '1'");
$user = mysql_query($sql);
echo $user;
if ($user !=="1") {
echo "You are not the proper user type to view this page";
die();
}
Thank you so much for your time.
Firstly, you're using mysql_query() twice and that alone will cause a syntax error.
You're also not looping over results, so use the following to achieve what you want to do.
$sql = "SELECT * FROM members WHERE access= '1'";
$user = mysql_query($sql) or die(mysql_error());
while($row = mysql_fetch_array($user)){
if ($row['access'] !=="1") {
echo "You are not the proper user type to view this page";
die();
}
else {
echo "You are the right type.";
}
}
If your query requires a db connection to the query, you will need to do:
$user = mysql_query($sql, $connection);
This assuming a mysql_ successful connection. However, that API is deprecated as of PHP 5.5 and deleted as of PHP 7.0 and note that different MySQL APIs do not intermix.
It's time to step into the 21st century and use either the MySQLi_ or PDO API.
http://php.net/manual/en/book.mysqli.php
http://php.net/manual/en/book.pdo.php
You may also have to select an actual row (or rows) instead of SELECT * FROM members
I.e.:
SELECT column_1, column_2 FROM members
Consult these following links http://php.net/manual/en/function.mysql-error.php and http://php.net/manual/en/function.error-reporting.php
and apply that to your code.
You can also achieve this with mysql_num_rows():
$result = mysql_query("SELECT * FROM members WHERE access= '1'");
$num_rows = mysql_num_rows($result);
if ($num_rows > 0) {
// do something
}
else {
// do something else
}
You might also want to add to the WHERE clause:
$result = mysql_query("SELECT * FROM members WHERE access= '1' AND column='x' ");
Related
First and formost, yes i know PHP5.6 is deprecated version, but i want to stick with it and fully learn PHP for myself, before updating to MySQLi.
I'm trying to make a text based game running MySQL and PHP, and currently trying to create a system that:
1.Gets information from user table, username and total actions done (+)
2.At the certain timestamps save all usernames and actions into separete table (-)
3.Resets actions column to 0 for ALL players. (+/- planning to use a mysql trigger and/or cron-job)
My questions:
2) How would you suggest me to insert usernames into seperate table? (only idea i come up is to explode array somehow get variables and sumbit to mysql, question is how to do so? )
3) regarding this number 3, would you suggest something else then triggers or cron-jobs?
Code example bellow
<?php
include './config/connect-db.php';
$result= mysql_query("SELECT * FROM user WHERE actions > 100 ORDER BY
actions DESC LIMIT 5");
while($row = mysql_fetch_array($result)){
if ($row['u_dmisijos'] >= 100) {
echo '<li>'.$row["u_name"].' ('.$row["actions"].')<br>';
} // if actions
} //while loop
?>
EDIT:
MySQL includes a lot of columns, there are only 2 specific I'm focusing on, u_name (username) and actions (actions).
EDIT2:
What i am expecting on second table: ID (AI), username of player with the most action points, username of player with second action points etc. And Datastamp.
expected SQL
ID, nr1, nr2, nr3, nr4, nr5, Datastamp.
Cheers!
I am not sure this will work or not as I have not tested it. But, I hope you might get a general idea.
<?php
$conn = mysql_connect("localhost", "mysql_user", "mysql_password");
if (!$conn) {
echo "Unable to connect to DB: " . mysql_error();
exit;
}
if (!mysql_select_db("mydbname")) {
echo "Unable to select mydbname: " . mysql_error();
exit;
}
$sql = "SELECT * FROM user WHERE actions > 100 ORDER BY actions DESC LIMIT 5";
$result = mysql_query($sql);
if (!$result) {
echo "Could not successfully run query ($sql) from DB: " . mysql_error();
exit;
}
if (mysql_num_rows($result) == 0) {
echo "No rows found, nothing to print so am exiting";
exit;
}
while ($row = mysql_fetch_assoc($result)) {
$q = "INSERT INTO `new_table` (`u_name`, `actions`) VALUES
($row['u_name'],$row['actions'] )";
mysql_query($q);
}
?>
Regarding resetting all actions to 0 you can create a functions like:
function resetActions(){
//update actions to 0
$q = "UPDATE table_name SET actions = 0";
mysql_query($q);
}
Now, whenever you need to reset it you can call this function. Or you can call this function in cron job as you required.
I created a mysql query to check if user is banned or not and if he's the system give him return false. But it wont get the information.
public static function checkban($username)
{
if(LOGINCHECKBAN == false)
{
$vusername = engine::securyt($username);
$getIdBYname = "SELECT id FROM players WHERE username='".$vusername."' LIMIT 1";
$getNOW = mysql_query($getIdBYname);
$IDbyNAME = mysql_free_result($getIdBYname);
$queryforban = mysql_query("SELECT * FROM bans WHERE data = '".$IDbyNAME."' LIMIT 1");
$query = mysql_num_rows($queryforban);
if($query == 0) {
return true;
} else {
return false;
}
}
}
Note: engine::securyt($username) is the form type to get his username when he try to login.
What can be wrong on my code?
edit: I belive that "mysql_free_result" can be the problem, but im not sure what i need to put on replace of it.
mysql_free_result() frees a mysql result set. It does not actually retrieve data from the result.
You will want something like:
$getIdBYname = "SELECT id FROM players WHERE username='".$vusername."' LIMIT 1";
$result = mysql_query($getIdBYname);
$row = mysql_fetch_assoc($result);
if($row) { //a user was found
//$row['id'] is the found user
$result = mysql_query("SELECT COUNT(*) cnt FROM bans WHERE data = '". $row['id'] ."' LIMIT 1");
$row = mysql_fetch_assoc($result);
return ($row && $row['cnt'] == 0);
} else {
// no user; return something appropriate
}
However, if all you need is to determine is whether a particular user name is banned (and not actually get their user id), you can do that directly in the database with one query:
SELECT COUNT(*)
FROM players p
INNER JOIN bans b ON b.data = p.id
WHERE p.username = $username;
WARNING: Note that using mysql_* functions is strongly discouraged for new code (since mysql_* has been removed in PHP 7), and directly including variables in your query strings is a pretty major security vulnerability. You should look into using prepared statements/parameterized queries with mysqli or PDO.
I am a novice when it comes to PHP but I don't understand if my syntax is wrong in this statement, or how would I grab an int from my MySQL server.
I know that my server credentials are working fine. How would I fix this statement to give me a returned integer of the number of reviews in the userinfo table?
$numberofpreviousreviews = mysql_query("SELECT `number_of_reviews` FROM `userinfo`") or die(mysql_error()); //Check to see how many reviews user has previously created
$amountofreviews = $numberofpreviousreviews + 1;
$query2 = mysql_query("ALTER TABLE userinfo ADD `amountofreviews` VARCHAR(10000)") or die(mysql_error()); //Make another column in database for the new review
You need to fetch your results after you run your query. There are several ways to do this but using mysql_fetch_assoc() will work for you.
$numberofpreviousreviews = mysql_query("SELECT `number_of_reviews` FROM `userinfo`") or die(mysql_error()); //Check to see how many reviews user has previously created
$row = mysql_fetch_assoc($numberofpreviousreviews);
$amountofreviews = $row['number_of_reviews'] + 1;
FYI, you shouldn't be using mysql_* functions anymore. They are deprecated and going away. You should use mysqli or PDO.
Assume you have a table userinfo which has the following structure and data :
Scenario #1 :
If you want to retrieve the all number_of_reviews, then do like this,
$query = "SELECT `number_of_reviews` FROM `userinfo`";
$result = mysqli_query($db,$query);
while ($row = mysqli_fetch_assoc($result)) {
echo "Number of reviews : " . $row['number_of_reviews'] . "<br/>";
}
It will give you,
Number of reviews : 20
Number of reviews : 40
Since, the result has many rows, it will display like above.
Scenario #2:
If you want to retrieve only the specific number_of_reviews for some user id (which is unique). I take id as 1 as a example here. Then do like,
$query2 = "SELECT `number_of_reviews` FROM `userinfo` WHERE `id` = 1";
$result2 = mysqli_query($db,$query2);
while ($row2 = mysqli_fetch_assoc($result2)) {
echo $row2['number_of_reviews'] . "<br/>";
}
This will print,
20.
Because, number_of_reviews is 20 for id 1.
So I am creating a log-in form and this piece of code is giving me some trouble. I'm aware it may not be the most efficient or safe way but for now I simply need it to function, so I can test other aspects properly.
I have used a count in my SELECT statement but am now unsure how to turn that into an IF ELSE statement. If someone could please help me out that would be fantastic.
$result=mysqli_query($con, "SELECT count * FROM User WHERE LoginID = '$LoginID' AND password ='$password'");
if($result==1)
{
echo "Log In Success!";
echo $_SESSION['LoginID'];
}
else
{
echo "Wrong Username or Password";}
echo ' Click here to try again '
}
I have also tried using
$numrows = mysql_num_rows($result);
if($numrows != 0) { ... }
But I couldn't get that working either.
SQL injection or similar is not an issue as it will not have any actual security issues.
Thanks
I think you are trying MySql and PHP.
As an idea about using count function to find a valid user, you should remember these notes:
Note 1 : Using count function is like Count(*).
Note 2 : If no records found Count(*) will return null instead of 0, so you need another function like ifnull(,).
So your select statement should be something like this:
SELECT IFNULL((SELECT count(*) FROM User WHERE LoginID = '$LoginID' AND password ='$password'), 0)
Actually I don't try that query in MySql so I hope someone edit it ;).
As your another idea your select statement will be this (using mysql_num_rows):
SELECT LoginID FROM User WHERE LoginID = '$LoginID' AND password ='$password'
Just select a field possibly the id for the user instead of doing a count.
$result = mysqli_query($con, "SELECT id FROM User WHERE LoginID = '$LoginID' AND password ='$password'"))
if ($result && mysqli_num_rows($result) > 0) {
// valid
} else {
// invalid
}
I need to print data from users table for username that is logged in, for example, need to bring HP, attack, defence, gold... I found many answers here and after this I am sure I am gone ask more questions. Please help...
<?php
session_start()
if(isset($_SESSION['username'])){
echo "Welcome {$_SESSION['username']}";
}
require_once 'config.php';
$conn = mysql_connect($dbhost,$dbuser,$dbpass)
or die('Error connecting to mysql');
mysql_select_db($dbname);
$query = sprintf("SELECT ID FROM users WHERE UPPER(username) = UPPER('%s')",
mysql_real_escape_string($_SESSION['username']));
$result = mysql_query($query);
list($userID) = mysql_fetch_row($result);
echo "Health Points:".$row['HP'];
echo "Attack:";
echo "Defence:";
echo "Gold:";
?>
You have to query for all the information you actually want. So your query should look like this:
SELECT HP,Atk,Def,Gold FROM ...
This will retrieve the named fields from your database and not just the ID.
Also, you never assign your row, it should read
$row = mysql_fetch_row($result);
(But see my comment below).
1 - there is missing ; in the first line
2 - try "SELECT * " instead of "SELECT ID"
3 - $row is not defined , try :
$row = mysql_fetch_assoc($result);
instead of
list($userID) = mysql_fetch_row($result);
check the manual for the difference between mysql_fetch_row and mysql_fetch_assoc
mysql_fetch_assoc