Print member's name - php

I'm trying to print the username in the members panel.
That means when the member logs in, I will print to him, for example, "Welcome MEMBER'S NAME".
The problem is, when I use this script to print the member name, it prints all members from my database:
<?php
$id = #$_GET['id'];
$name = #$_GET['name'];
$select = "SELECT * FROM tblname WHERE id='$id'";
$run = mysqli_query($connect,$select);
while($row = mysqli_fetch_array($run)){
echo $row['name'];
}
?>
Can anyone help?

You should sanitize the $_GET as mysql_real_escape_string($_GET['id']); and instead of looping through the record resource you can use
$select = "SELECT * FROM tblname WHERE id='$id'";
$run = mysqli_query($connect,$select);
$row = mysqli_fetch_array($run);
echo $row['name'];

Related

PHP PDO $row inside php code not running

I have a problem: I am storing a message in my database with $row[name]. The text in my database is
Helloo $row['name'] how are you
$txt[1] is "Helloo $row['name'] how are you "
This is the code I tried. The first echo works, but the second is not working
<?php
$check = $db->prepare("SELECT * FROM appointments WHERE trimis='0'");
$check->execute();
$checkdb = $check -> fetchAll();
foreach($checkdb as $row){
echo $row['name']; // THIS WORKS
$check = $db->prepare("SELECT * FROM settings WHERE id='1'");
$check->execute();
$checkdb2 = $check -> fetchAll();
foreach($checkdb2 as $txt){
echo $txt[1]."<BR>"; // THIS DOESN'T
}
}
?>
You should select the specific fields from your table when you write your query,
because using the wildcard SELECT * and accessing the rows by index like $txt[1] is a recipe for bugs:
$check1 = $db->prepare("SELECT name FROM appointments WHERE trimis='0'");
$check1->execute();
while($rows1 = $check1->fetch()){
echo $rows1['name']; // use the row variable assigned by this loop
$check2 = $db->prepare("SELECT custom_text FROM settings WHERE id='1'");
$check2->execute();
while($rows2 = $check2->fetch()){
echo $rows2['custom_text']."<BR>";
}
}
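
The text in the question is stored data, so PHP never interpolates the `$row['name']` inside it. One way to fill in the value without evaluating stored text as code, as an added example that is not from either post; `renderTemplate`, the `{name}` placeholder syntax and the sample rows are assumptions made for illustration:

```php
<?php
/**
 * Fill {placeholders} in a template loaded from the database.
 * Only keys present in $values are replaced; values are HTML-escaped.
 * (Hypothetical helper, not part of the original code.)
 */
function renderTemplate(string $template, array $values): string
{
    return preg_replace_callback(
        '/\{([a-z_]+)\}/',
        function (array $m) use ($values): string {
            if (!array_key_exists($m[1], $values)) {
                return $m[0]; // unknown placeholder: leave it visible
            }
            return htmlspecialchars((string) $values[$m[1]], ENT_QUOTES, 'UTF-8');
        },
        $template
    );
}

// The text exactly as stored in the question: the $row['name'] part is plain
// characters, so map that literal token onto the placeholder form first.
$legacy = 'Helloo $row[\'name\'] how are you';
$storedText = strtr($legacy, ['$row[\'name\']' => '{name}']);

// Constructed sample rows standing in for the appointments table.
$appointments = [['name' => 'Ana'], ['name' => '<i>Bob</i>']];
foreach ($appointments as $row) {
    echo renderTemplate($storedText, $row), "<BR>", PHP_EOL;
}
```

Because the replacement is a plain string substitution, a stored message can only ever insert the listed values; it cannot run PHP.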

Profile will not display when called. php - mysql

<?php
if (!isset($_POST['submitted'])) {//1
// Checks for the ID
if (isset($_GET['id']) && is_numeric($_GET['id'])) {//2
// MySQL Connect
require_once('mysql_connect.php');
$id = mysql_real_escape_string($_GET['id']);
$query = "SELECT id, name FROM websites WHERE id = $id";
$result = mysql_query($query) OR die (mysql_error());
$row = mysql_fetch_array($result, MYSQL_ASSOC);
?>
// ROW WITH THE ERROR
<?php echo $row['name']; ?></strong><br /><?php echo $row['banner']; ?><? echo $row['description'];?>
<?php
} else {
echo '<font color="red">You have to select a server to view</font>';
die();
}
} else {
// MySQL Connect
require_once('mysql_connect.php');
$id = mysql_real_escape_string($_POST['id']);
// Choose the web for votes
$query = "SELECT id, votes FROM websites WHERE id = $id";
$result = mysql_query($query) OR die(mysql_error());
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$votes = $row['votes'];
$url = $row['url'];
$id = $row['id'];
$banner = $row['banner'];
$result = mysql_query($query) OR die(mysql_error());
} // end
?>
All that is printing is the Name, the rest is not being printed.
I'm just wondering where I'm going wrong?
It's supposed to print the Name, Banner, and description from $id.
You never actually select banner and description in your query so they are not available in your resultset.
$query = "SELECT id, name, banner, description FROM websites WHERE id = $id";
You need to specify ALL desired fields that you wish to retrieve in your SQL query:
$query = "SELECT id, name, banner, description FROM websites WHERE id = $id";
Alternatively, use SELECT * FROM websites to retrieve all available rows.

Trouble with urldecode and fetching information from database

I have used urldecode to receive a member ID from a previous site. The correct ID is being displayed in the URL but I can't fetch information from the database.
<?php
$id = urldecode(trim($_GET['memberID']));
$query = "SELECT * FROM members WHERE memberID = '".$id."'";
if ($result = $db->query($query)) {
while ($row = $result->fetch_assoc()){
printf("%s (%s)\n", $row["memberID"], $row['name']);
}
}
?>
All I get is a blank screen.
change mysql.error() to mysql_error()
$query = "SELECT * FROM members WHERE memberID = '".$id."'";

PHP MySQL single column/row display?

I'm trying to get a single result from my database, just one name.
I tried using:
$row = mysql_fetch_array(mysql_query("SELECT * FROM persons WHERE id = '$id'"));
echo $row['name'];
But that didn't work, any other way to simply show only one result?
Thanks in advance!
[EDIT:]
(I'm using PHP 5.3)
<?php
include("connection.php");
$id = $_GET['deletid'];
$result = mysql_query("SELECT * FROM persons WHERE id = '$id' LIMIT 1");
if(!$result){
echo mysql_error();
}
if ($row = mysql_fetch_array($result)){
echo $row['name'];
}
echo "<p>id:$id</p>";
?>
If you need just the name and you need just one result you should rewrite your query as follows:
$row = mysql_fetch_array(mysql_query("SELECT name FROM persons WHERE id = '". (int) $id ."' LIMIT 1"));
Now to get the result you should just get it with a
$row['name'];
EDIT
Now that you posted your entire code I got what's wrong: you are deleting that result before getting its name. Basically you delete that user and then you attempt to get its name.
EDIT
<?php
include("connection.php");
// Check the same parameter name that is read below ("deletid", as in the question)
if (empty($_GET['deletid'])) {
exit('"deletid" is empty');
}
$id = mysql_real_escape_string($_GET['deletid']);
$result = mysql_query("SELECT name FROM persons WHERE id = '". (int) $id ."' LIMIT 1");
if(!$result){
echo mysql_error();
}
$row = mysql_fetch_assoc($result); // for just one result you don't need any loop
echo $row['name'];
echo "<p>id:". htmlspecialchars($id) ."</p>";
?>
try
$row = mysql_fetch_array(mysql_query("SELECT name FROM persons WHERE id = ". (int) $id));
echo $row['name'];

Display only queried ID+row PHP/MySQL

I have my data stored in a MySQL table, which includes an auto_increment ID number (unique) for each new row.
I'd like users to be able to get a certain ID number, using the $_GET function.
eg. User loads http://mysite.com/id.php?id=123
Page displays ID number 123 along with the row.
echo $row['id'];
echo "<table>";
echo "<tr> <th>Unit</th> <th>Message</th> <th>Date</th> </tr>";
while($row = mysql_fetch_array( $result )) {
echo "<tr><td>";
echo $row['title'];
echo "</td><td>";
echo $row['description'];
echo "</td><td>";
echo $row['pubDate'];
echo "</td></tr>";
}
echo "</table>";
echo "</center>";
I'm stuck as to where I put the $_GET bit.
Thanks :)
You should append it to your query (using intval to avoid SQL injection) like this:
// use the id in your WHERE clause, convert it to an integer to avoid sql injections
$query = 'SELECT fields FROM table WHERE id = ' . intval($_GET['id']);
$result = mysql_query($query);
$row = mysql_fetch_row($result);
... do stuff with $row ...
Firstly, your code does not make much sense, since you use $row before it was defined.
Secondly, $result isn't defined at all, and it should be, for example like this:
$id = intval($_GET['id']);
$result = mysql_query("SELECT * FROM table WHERE id = '$id'");
And now you know how and where to use $_GET['id'].
Don't waste your time doing the comparison afterwards, you'll save yourself a lot of time by adding it to the original query
$id = intval($_GET['id']);
$query = "SELECT whatever FROM table WHERE id=$id";
$id = $_GET['id'];
$id = mysql_real_escape_string($id);
$query = "SELECT * FROM `Table` WHERE `id`='" . $id . "'";
$res = mysql_query ($query);
$exist = mysql_num_rows($res);
if ($exist) {
$row = mysql_fetch_assoc($res);
...
}
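
The threads above all take an id from `$_GET` and place it in the SQL string after escaping or `intval()`. The same single-row lookup with strict integer validation, a bound parameter and escaped output, as an added example that is not from any of the posts; the in-memory SQLite database, the `members` table, `memberName` and the sample inputs are constructed stand-ins for the MySQL setup:

```php
<?php
// In-memory SQLite stands in for the MySQL database (assumption);
// the members table and its rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO members (name) VALUES ('alice'), ('bob'), ('<b>carol</b>')");

/**
 * Return the HTML-escaped name for one member id, or null if the id is
 * not a positive integer or no such row exists. (Hypothetical helper.)
 */
function memberName(PDO $db, $rawId): ?string
{
    // Reject anything that is not a whole positive integer. intval() would
    // instead turn "2abc" into 2 and "abc" into 0 without reporting an error.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The id travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare('SELECT name FROM members WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    // One row is expected, so fetch once instead of looping.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }

    // Escape on output: a stored name may contain HTML.
    return htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
}

// Constructed request values, standing in for $_GET['id'].
foreach (['2', '3', '2abc', "1' OR '1'='1", '99', null] as $input) {
    $name = memberName($db, $input);
    echo var_export($input, true), ' => ',
         $name === null ? 'no member' : "Welcome $name", PHP_EOL;
}
```

Only `'2'` and `'3'` produce a welcome line; the malformed, out-of-range and missing values are rejected before any query runs, and the name containing markup is printed escaped.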
