This question already has answers here:
How to include a PHP variable inside a MySQL statement
(5 answers)
Closed 1 year ago.
I looked for an answer but could not find it as the issue seems to be slightly different here.
$vid = $_SESSION['ID_Vendor'];
echo "ID: $vid";
$q = 'SELECT business_name, vd.ID_Vendor, res.ID_RestaurantEstablishment
FROM restaurant res
INNER JOIN vendor_data vd
ON vd.ID_Vendor=res.ID_Vendor AND res.ID_Vendor="$vid" ORDER BY business_name ASC';
The variable $vid has indeed a value (equal to 2 in this case, but it could be different), HOWEVER, when I specifically set
WHERE res.ID_Vendor=2
my query returns the correct and expected list of values, but when, instead, I use
WHERE res.ID_Vendor="$vid"
with "$vid", the echo of my values is simply empty.
Below is the full snippet of the code to also echo the output.
Thanks for your help.
$vid = $_SESSION['ID_Vendor'];
echo "ID: $vid";
$q = 'SELECT business_name, vd.ID_Vendor, res.ID_RestaurantEstablishment
FROM restaurant res
INNER JOIN vendor_data vd
ON vd.ID_Vendor=sfe.ID_Vendor AND res.ID_Vendor="$vid" ORDER BY business_name ASC';
$r = mysqli_query($connection, $q);
while ($row = mysqli_fetch_array ($r, MYSQLI_NUM)) {
echo '>' . htmlspecialchars($row[0]) . ' ' . htmlspecialchars($row[1]) . ' ' . htmlspecialchars($row[2]) .'</option>';
}
PHP does not recognize variable in apostrophes pair ''. Put your variable in "". EG:
"WHERE res.ID_Vendor='$vid'"
Since I raised the idea, I suppose I should illustrate the use of prepared statements.
Using mysqli one would proceed as follows (assuming $connection has been successfully initialized):
// The indentation here is purely a matter of personal preference
$query = 'SELECT business_name, vd.ID_Vendor, res.ID_RestaurantEstablishment
FROM restaurant res
INNER JOIN vendor_data vd
ON vd.ID_Vendor = res.ID_Vendor
WHERE res.ID_Vendor = ?
ORDER BY business_name ASC';
$stmt = $connection->prepare($query);
$stmt->bind_param('s', $vid); // 's' assumes $vid is string; use 'i' for int
$stmt->execute();
$res = $stmt->get_result();
while ($row = $res->fetch_array(MYSQLI_NUM))
{
echo '>' . htmlspecialchars($row[0]) . ' ' . htmlspecialchars($row[1]) . ' ' . htmlspecialchars($row[2]) .'</option>';
}
The idiom is the same using PDO. The format of the PDO data source name (DSN) is documented online.
$conn = new PDO($dsn, $username, $password); // define these vars elsewhere
$query = 'SELECT business_name, vd.ID_Vendor, res.ID_RestaurantEstablishment
FROM restaurant res
INNER JOIN vendor_data vd
ON vd.ID_Vendor = res.ID_Vendor
WHERE res.ID_Vendor = :vid
ORDER BY business_name ASC';
$stmt = $conn->prepare($query);
$stmt->execute(array(':vid' => $vid));
while ($row = $stmt->fetch(PDO::FETCH_NUM))
{
echo '>' . htmlspecialchars($row[0]) . ' ' . htmlspecialchars($row[1]) . ' ' . htmlspecialchars($row[2]) .'</option>';
}
In both cases I leave error handling as an exercise for the reader.
There's a few problems with your code:
Firstly, this won't work and will echo $vid literally.
echo "ID: $vid";
This will return: ID: $vid
You'll need to concat the string with the variable, it should be:
echo "ID: " . $vid;
This will return: ID: 2
Secondly, your query won't work:
$q = 'SELECT business_name, vd.ID_Vendor, res.ID_RestaurantEstablishment
FROM restaurant res
INNER JOIN vendor_data vd
ON vd.ID_Vendor=res.ID_Vendor AND res.ID_Vendor="$vid" ORDER BY business_name ASC';
You should enclose the query with double quotes and your variable with single quotes instead:
$q = "SELECT business_name, vd.ID_Vendor, res.ID_RestaurantEstablishment
FROM restaurant res
INNER JOIN vendor_data vd
ON vd.ID_Vendor=res.ID_Vendor AND res.ID_Vendor='$vid' ORDER BY business_name ASC";
For SQL, not like javascript or php, only single quote is allowed for string or char.
For MySQL, if the column type of res.id_vendor is number, res.id_vendor='1' is the same as res.id_vendor=1, so it is better always wrap the variable with single quote, as in res.id_vendor='$vid'
Lastly, comments on coding conventions: it is recommended to not mix upper case and lower case characters in column naming, use "_" as word delimiters, like
vd.id_vendor
res.id_restaurant_establishment
Related
I have set up a query as such:
$query = 'SELECT SGC.sys_id, TBL.semester, SGC.bonus, SGC.exam, SGC.ca FROM SubjectGradeComponent AS SGC, ';
$query .= '(SELECT `sys_id`, `semester` FROM AcademicYearTerm AS AYT, SubjectYearTermLevel AS SYTL WHERE academic_year = "' . $academic_year . '" AND SYTL.subject_id = ' . $subject_id . ' AND SYTL.form_level = ' . $form_level. ' AND SYTL.yearTerm_id = AYT.yearTerm_id) AS TBL ';
$query .= 'WHERE SGC.sys_id = TBL.sys_id;';
However when I run the query, $mysql->query($query);it returns an empty result with 0 rows. Running the same query on phpmyadmin shows the desired result. I have looked around but do not understand the problem.
$mysql->error does not show any error message either
EDIT:
generated query is like this:
SELECT SGC.sys_id, TBL.semester, SGC.bonus, SGC.exam, SGC.ca FROM SubjectGradeComponent AS SGC, (SELECT `sys_id`, `semester` FROM AcademicYearTerm AS AYT, SubjectYearTermLevel AS SYTL WHERE academic_year = "2018-2019" AND SYTL.subject_id = 1 AND SYTL.form_level = 1 AND SYTL.yearTerm_id = AYT.yearTerm_id) AS TBL WHERE SGC.sys_id = TBL.sys_id;""
Question is where are the "" from?
Looks like you want a JOIN query instead.
You should also use prepared statement with placeholders ? instead of injecting values directly into the query.
$query = "SELECT SGC.sys_id,
AYT.semester,
SGC.bonus,
SGC.exam,
SGC.ca
FROM SubjectGradeComponent AS SGC
JOIN AcademicYearTerm AS AYT
ON SGC.sys_id = AYT.sys_id
JOIN SubjectYearTermLevel AS SYTL
ON SYTL.yearTerm_id = AYT.yearTerm_id
WHERE academic_year = ?
AND SYTL.subject_id = ?
AND SYTL.form_level = ?";
I am obtaining some values from an array and making a match against these values in an SQL Query.
The code for this is as follows:
foreach($files as $ex){
$search = substr($ex,3,4);
echo $search . '<br>';
echo '<br>';
$sql = 'SELECT DISTINCT `pdb_code` FROM pdb WHERE `pdb_code` <> "' . $search . '" LIMIT 4';
}
$result = mysql_query($sql) or die(mysql_error());
while($row = mysql_fetch_array($result)){
echo 'SQL' . $row['pdb_code'] .'<br>';
$pdb[] = $row['pdb_code'];
}
The issue that I am having is that the <> seems not to be working.. I have even tried using the != operator, but still having the same issue.
The output of $search from the array are :
101m
102l
102m
103l
The output of SQL from the query is still:
101m
102l
102m
103l
Your code doesn't seem that logical, as you generate numerous SQL statements and then just execute the last one.
However I assume what you want to do is take a list of files, extract a string from each file name and then list all the pdb_code values from the table which are not already in the string.
If so something like this would do it. It takes each file name, extracts the sub string and escapes it, putting the result into an array. Then it builds one query, imploding the array to use in a NOT IN clause:-
<?php
$search_array = array();
foreach($files as $ex)
{
$search = substr($ex,3,4);
echo $search . '<br>';
echo '<br>';
$search_array[] = mysql_real_escape_string($search);
}
if (count($search_array) > 0)
{
$sql = "SELECT DISTINCT `pdb_code` FROM pdb WHERE `pdb_code` NOT IN ('" . implode("','", $search_array) . "') LIMIT 4";
$result = mysql_query($sql) or die(mysql_error());
while($row = mysql_fetch_array($result))
{
echo 'SQL' . $row['pdb_code'] .'<br>';
$pdb[] = $row['pdb_code'];
}
}
You have to use not in:
SELECT * FROM table_name WHERE column_name NOT IN(value1, value2...)
Try this:
$searchIds = implode(',',$search);
$sql = "SELECT DISTINCT `pdb_code` FROM pdb WHERE `pdb_code` NOT IN ('$searchIds') LIMIT 4";
I need to grab a result from one query and pop it into another.
first query
$query = 'SELECT * FROM singleprop.jos_mls WHERE MSTMLSNO = ' . $mlsnum . ';';
$result = mysql_query($query);
$row = mysql_fetch_row($result);
second query
$aquery = 'SELECT * FROM singleprop.jos_agents WHERE AGTBRDIDMM = ' . $row[0] . ';';
$aresult = mysql_query($aquery);
$agent = mysql_fetch_row($aresult);
I know about JOIN, but don't know how to apply it with a 3rd table. Does my model have something to do with $this->?
The code looks good. You could write a query using join, which you are aware of. What is the question?
SELECT *
FROM singleprop.jos_mls as mls JOIN singleprop.jos_agents
ON singleprop.jos_mls.KEY = singleprop.jos_agents.KEY
WHERE mls.MSTMLSNO = $mlsnum
where KEY is the join key
OR
SELECT *
FROM singleprop.jos_agents
WHERE AGTBRDIDMM = (
SELECT COL_NAME
FROM singleprop.jos_mls
WHERE MSTMLSNO = ' . $mlsnum . '
)
where COL_NAME is the column name for AGTBRDIDMM in the first table
I have 3 tables:
Users - uID (INT AUTO_INCREMENT), name (VARCHAR)
Movies - mID (IN AUTO_INCREMENT), title (VARCHAR)
Watched - uID (INT), mID (INT)
I'm writing a php function that constructs a query which adds records of movies watched by a particular person. Here's what I've come up with so far:
function set_watched($name, $movies){
$sql = "SET #userid = (SELECT uID FROM users WHERE name = '$name' LIMIT 1); ";
$sql .= "INSERT INTO watched (uID, mID) VALUES ('";
foreach ($movies as $index => $movie){
}
}
My question:
Is there a way to combine the #userid variable with the results of a SELECT mID FROM MOVIES WHERE title = $movie OR title = $movie [generated with foreach]?
I don't want to generate separate SELECT statements for every movie title. Perhaps I don't even have to use the #userid variable at all?
Try something like this:
$sql = "INSERT INTO watched (uID, mID)
SELECT User.uID, Movies.mID
FROM (SELECT uID FROM Users WHERE Users.name = '$name' LIMIT 1) AS User, Movies
WHERE ";
foreach ($movies as $index => $movie){
$sql .= "Movies.title = '$movie' OR ";
}
$sql = substr($sql, 0, -4) . ";";
I prefer using arrays and imploding them for this sort of an application. Also, I wouldn't try and force these two things into one query. I would either:
Modify the function parameters to accept uID as its input, instead of name
Change the logic to two queries.
Besides, PHP's mysql_query function doesn't support multiple queries, so if you're using the standard mysql functions, you can't execute two queries with one call to mysql_query.
Running with case #2, you can use something like this (untested, of course):
$sql = 'SELECT uID FROM users WHERE name = "' . $name. '" LIMIT 1';
$result = mysql_query( $sql);
$row = mysql_fetch_row( $result);
mysql_free_result( $result);
$values_array = array();
foreach ($movies as $index => $movie)
{
$values_array[] = '( "' . $row['uID'] . '", "' . $movie . '")';
}
$sql = 'INSERT INTO watched (uID, mID) VALUES ' . implode( ', ', $values_array);
$result = mysql_query( $sql);
I've got a SQL query within a foreach loop. Sometimes there can be many, and I mean a lot of queries to do, depending on several criteria, up to 78 queries potentially.
Now, I know that premature optimisation is root cause of all evil, but I don't want to see 78 queries - it's just not healthy.
Here's the code:
$crumbs = explode(",", $user['data']['depts']);
foreach ($crumbs as &$value) {
$data = $db->query("SELECT id FROM tbl_depts WHERE id = '" . $value . "'");
$crumb = $data->fetch_assoc();
$dsn = $db->query("SELECT msg, datetime FROM tbl_motd WHERE deptid = '" . $value . "'");
$motd = $dsn->fetch_assoc();
if ($motd['msg'] != "") {
<?php echo $motd['msg']; ?>
}
}
Can I make it any better?
Use IN MySQL operator to search over a set of values for id:
$ids = '"' . implode('", "',$crumbs) . '"';
$query1 = "SELECT id FROM tbl_depts WHERE id IN (" . $ids . ")";
$query2 = "SELECT msg, datetime FROM tbl_motd WHERE deptid IN (" . $ids . ")";
And so you will not need to retrieve all data you need using foreach loop, so you will have only 2 queries instead of 78.
Example: I have a table named table with 10 records which ids are: 1,2,3,4,5,6,7,8,9,10 (auto-incremented). I know I need records with ids 1,5,8. My query will be:
$sql = "SELECT * FROM `table` WHERE id in (1,5,8);";
And I don't understand why do you need to use & operator in foreach loop if you don't modify the $crubms arrays values.
I think this is want you want.
SELECT msg, datetime
FROM tbl_depts td
INNER JOIN tbl_motd tm ON td.id = tm.deptid