MySql query not working with variables weird bug - php

I have a list of users ids and my goal is to get the name of each user using the id
the sql variable prints: SELECT name FROM users WHERE unique_id = '56d4814fb37cf3.17691034 '
If i copy paste the query the name is returned and works as well with other ids, but i don't want the function to allways return the same name, i want to add the variable $userID to my query and return the name
But this only works when i hardcode de id
public function returnNameByID($userID){
//User ID: 56d4814fb37cf3.17691034
$sql = "SELECT name FROM users WHERE unique_id = '$userID'";
echo $sql; // Prints SELECT name FROM users WHERE unique_id = '56d4814fb37cf3.17691034 '
//Doesn't work $name returns Null
// $stmt = $this->conn->prepare("SELECT name FROM users WHERE unique_id = '$userID'");
//Doesn't work $name returns Null
$stmt = $this->conn->prepare($sql);
// Works $name returns name of the user
$stmt = $this->conn->prepare(" SELECT name FROM users WHERE unique_id = '56d4814fb37cf3.17691034 ' ");
$stmt->execute();
$result = $stmt->get_result()->fetch_assoc();
$name = $result["name"];
return $name;
EDIT
require_once 'db_functons.php';
$db = new db_functions();
$userID = $_GET['userID'];
$mArray = array();
$mArray = $db->getFriendsList($userID);
//Printing the array Prints the correct id's
$name = $db->returnNameByID($mArray[0]);
echo $name;


Seems you have some space around your code try using a trim
$sql = "SELECT name FROM users WHERE trim(unique_id) = '" . trim($userID) . "';";

Related

How do I add a string at the end of user input in SQL/PHP

I have a SQL query that is based on user input.
However, in the table, theres a "-1" at the end of every word that you search for.
For example if you want to get the sql result of car, it's actually named car-1 in the database, but the user should only be able to search for car.
This is how its setup:
$sql = "SELECT * FROM that WHERE this = ?";
$stmt = $conn->prepare($sql);
$search_query = $_POST['this'];
$stmt->bind_param('s', $search_query);
$stmt->execute();
$result = $stmt->get_result();
What I want, is that the select query should be like:
$sql = "SELECT * FROM that WHERE this = ? + '-1'";
But ^^ doesn't work.

$sql = "SELECT * FROM test WHERE NAME='car' & -1";
test = that
NAME= table name
'car' = this

Why don't you just concat -1 to search_query :
$sql = "SELECT * FROM that WHERE this = ?";
$stmt = $conn->prepare($sql);
$search_query = $_POST['this'];
$stmt->bind_param('s', $search_query.'-1');
$stmt->execute();
$result = $stmt->get_result();

Using MySQL:
$sql = "SELECT * FROM that WHERE this = CONCAT(?, '-1')";
Using PHP:
$stmt->bind_param('s', $search_query . "-1");

How to choose row name in mysql table from local variable in PHP code?

Is there a way to choose row name in mysql table from a variable in Php code? For example, instead of SELECT email, I want SELECT email_2 based on my if statement like this:
$value == "";
if(true){
$value = email
SELECT $value from....
else{
$value = email_2
SELECT $value from....
}
This is my php code:
$stmt = $conn->prepare("SELECT email from account_data_base WHERE test = ?");
$stmt->bind_param("s", $test);

You could use a variable to select the column you want. You cannot use the statement on column names.
$test = 'your_value';
$column = 'email'; // column by default
if ($your_condition_is_true) {
$column = 'email_2';
}
$stmt = $conn->prepare("SELECT $column FROM account_data_base WHERE test = ?");
$stmt->bind_param("s", $test);

MySQL Insert on first table and update on 2nd table

I am trying to insert data into table_1 and then insert on second table if the new inserted ID not available on 2nd table if available then update it. Bellow is my code please tell me what I'm doing wrong.
<?php
$name='Name';
$pass='Passsword';
$rid='FR200000';
$sql = "INSERT INTO table_1 (id,name,pass) VALUES('".$rid."','".$name."','".$pass."')";
$res = mysql_query($sql);
if(!$res){
echo'Failed to insert';
}else{
$sql = "SELECT id FROM site_settings WHERE id = '".$rid."'";
$res = mysql_query($sql);
$get_id = mysql_fetch_assoc($res);
if (!$get_id==$rid){
$site_url = 'www.example.com';
$site_email ='example#mysite.com';
$sql = "INSERT INTO site_settings (id,site_url,site_email) VALUES('".$rid."','".$site_url."','".$site_email."')";
$res = mysql_query($sql);
if(!$res) return 1;
return 99;
}
if ($get_id==$rid){
$sql = "UPDATE site_settings SET site_url = '" . $site_url . "', site_email = '" . $site_email . "' WHERE ID = '".$rid."'";
$res = mysql_query($sql);
if(!$res) return 1;
return 99;
}
?>

mysql_query()
For SELECT, SHOW, DESCRIBE, EXPLAIN and other statements returning
resultset
$sql = "SELECT id FROM site_settings WHERE id = '".$rid."'";
$get_id = mysql_query($sql);
You will not compare directly result set with $rid
if (!$get_id==$rid){
You need to fetch data first
$row = mysql_fetch_assoc($res);
$get_id=$row['id'];// fetch data
Then compare
if (!$get_id==$rid){
// YOUR code
NOTE:- mysql is deprecated instead use mysqli OR PDO

Select all records when no value is supplied

I have a function in php that does retrieval and display work from a MySql database.
It's like this:
function thisFunction($id,$country,$year){
global $conn;
$conn = connect();
$stmt = $conn->prepare("select * from table where id = :id and countryCode = :country and YEAR(addedDate) = :year and status = 0");
$stmt->execute(array(
':id' => $id,
':country' => $location,
':year' => $year
));
}
The problem is, sometimes $id has a value, sometimes it doesn't. When it does have a value, I'd like to select records with that value, when it doesn't I'd like to select all.
How do I write the sql in there, or do this thing, so that when there is a value it'll select only records with that value, and when there isn't a value, it'll select all. It's the part where when no value is selected - then select all where I'm stuck.
I call the function like anyone would. Nothing unique there.
select * from table where id = 9 -- works fine - displays all records where id = 9
select * from table where id = no value supplies - should display all value. How do I do this?
Can you please help?
select * from table where id = * //Does not work

Just remove the id part if it's empty:
function thisFunction($id,$country,$year){
global $conn;
$conn = connect();
if (!isset($id) || empty($id))
{
$stmt = $conn->prepare("select * from table where countryCode = :country and YEAR(addedDate) = :year and status = 0");
$stmt->execute(array(
':country' => $location,
':year' => $year
));
}
else
{
$stmt = $conn->prepare("select * from table where id = :id and countryCode = :country and YEAR(addedDate) = :year and status = 0");
$stmt->execute(array(
':id' => $id,
':country' => $location,
':year' => $year
));
}
}

select * from table where id = id;
Sample fiddle

You could use something like this:
function thisFunction($id,$country,$year){
global $conn;
$sql_query = "select * from table where status = 0";
$where_data = array();
if(isset($id) && $id != '*'){ // Only add this if ID is set to something other than *
$where_data[':id'] = $id;
$sql_query .= " AND id = :id";
}
if(isset($location)){
$where_data[':country'] = $location;
$sql_query .= " AND countryCode = :country";
}
if(isset($year)){
$where_data[':year'] = $year;
$sql_query .= " AND YEAR(addedDate) = :year";
}
$conn = connect();
$stmt = $conn->prepare($sql_query);
$stmt->execute($where_data);
}

you could potentially select them if the column is not null.
select * from table where id is not null

Multiple objects per array row

I'm trying to create an API and I need to put multiple queries into my JSON ouput, the issue is everything is returned as an object of class stdClass... here is my code:
$querystr = "SELECT entry_id AS id FROM {$wpdb->prefix}connections_term_relationships WHERE term_taxonomy_id = '{$_GET['catID']}'";
$cID = $wpdb->get_results($querystr);
$dirCount=count($cID);
$arrayCategory= array();
$androidArray = array();
if($dirCount > 0){
foreach($cID as $company){
$querycInfo = "SELECT id, organization, contact_first_name, contact_last_name, bio FROM {$wpdb->prefix}connections WHERE id = '{$company->id}'";
$companyInfo = $wpdb->get_row($querycInfo);
$queryAddress = "SELECT line_1, line_2, line_3, state, zipcode FROM {$wpdb->prefix}connections_address WHERE entry_id = '{$company->id}'";
$address = $wpdb->get_row($queryAddress);
$queryEmail = "SELECT address FROM {$wpdb->prefix}connections_email WHERE entry_id = '{$company->id}' AND type = 'work'";
$email = $wpdb->get_row($queryEmail);
$queryWebsite = "SELECT title, url FROM {$wpdb->prefix}connections_link WHERE entry_id = '{$company->id}' AND type = 'website'";
$website = $wpdb->get_row($queryWebsite);
$queryPhone = "SELECT number FROM {$wpdb->prefix}connections_phone WHERE entry_id = '{$company->id}' AND type = 'workphone'";
$phone = $wpdb->get_row($queryPhone);
$arrayCategory[]= $companyInfo;
}
}else{
$arrayCategory[0]=array('organization'=>'No Company Found Within This Category');
}
$androidArray = array('companies'=>$arrayCategory);
echo json_encode($androidArray);
}
I need $arrayCategory to hold more then just $companyInfo, I need it to hold the other variables as well. This is being built for WordPress. Thanks in advance!

I ended up just formatting my SQL query in a matter that made more sense:
$querycInfo = "SELECT main.id, organization, contact_first_name, contact_last_name, bio, number FROM {$wpdb->prefix}connections main
JOIN {$wpdb->prefix}connections_phone phone ON phone.entry_id = main.id AND main.id = '{$company->id}'";
This solved the issue.

Categories