converting to a sprintf() query - php

Working traditional query:
$form_id = Caldera_Forms::get_field_data( '_entry_id', $form );
$post_id_qry = mysql_query("SELECT `meta_value` FROM wp_cf_form_entry_meta WHERE entry_id = '$form_id' and meta_key = 'ID'");
$post_id = mysql_fetch_array($post_id_qry);
echo $post_id['meta_value'];
Now when I convert it over to a sprintf() to make it more secure, it returns blank. I have tried a syntax check and it came back clean. Any ideas?
$form_id = Caldera_Forms::get_field_data( '_entry_id', $form );
global $wpdb;
$post_id_qry = sprintf("SELECT `meta_value` FROM %s WHERE entry_id = %d and meta_key = 'ID'", $wpdb->prefix . 'cf_form_entry_meta', $form_id );
$post_id = $wpdb->get_results($post_id_qry);
echo $post_id['meta_value'];

$wpdb->get_results() returns an array of all the results of the query, not just a single row. And by default the rows are objects, not associative arrays. So you need to do:
echo $post_id[0]->meta_value;
to display the value.
If you want to get a single row as an associative array, use:
$post_id = $wpdb->get_row($post_id_qry, ARRAY_A);
echo $post_id['meta_value'];
Note that WP doesn't have anything analogous to mysql_fetch_array. The options to get_row are ARRAY_A, which is like mysql_fetch_assoc, and ARRAY_N, which is like mysql_fetch_row.

Related

WordPress - Empty array from SELECT query

I have this query in my wordpress plugin. I need to check the database to get a value and compare it, but the sql seems not returning any result.
global $wpdb;
$table = $wpdb->prefix . 'order_codes';
$sql = $wpdb->prepare("SELECT * FROM $table WHERE order_code = '$order_code'");
$order_signature = $wpdb->get_results($sql, ARRAY_A);
I've done a var_dump($order_signature); but the resulting array will be always empty.
Is there something wrong in the statement?
The issue is with the use of the $order_code variable in the query. The $wpdb->prepare() method is used to prevent SQL injection by properly escaping input variables, but it seems that in this case, the variable is not being passed correctly.
Try this; I hope it solves the problem:
global $wpdb;
$table = $wpdb->prefix . 'order_codes';
$order_code = 'your_order_code_value';
$sql = $wpdb->prepare("SELECT * FROM $table WHERE order_code = %s", $order_code);
$order_signature = $wpdb->get_results($sql, ARRAY_A);
By passing the variable correctly to the $wpdb->prepare() method, the query should return the expected results.

Selecting Mysql Meta_Value in Wordpress

Why is the result null? What is wrong? If I run this query directly in phpMyAdmin, the result is correct.
<?php $postid = get_the_ID(); ?>
<?php
$get_thumb = $wpdb->get_var
( "SELECT meta_value FROM `wp_postmeta` WHERE `post_id` = $postid AND `meta_key` = '_wp_attached_file'" );
echo "<p>Thumb URL: {$get_thumb}</p>";
?>
I'd suggest using the $wpdb->prepare() statement to ensure the SQL query is generated correctly and the $get_thumb variable is correctly set in the query.
$postid = get_the_ID();
$get_thumb = $wpdb->get_var($wpdb->prepare(
"SELECT meta_value FROM `wp_postmeta` WHERE `post_id` = %s AND `meta_key` = '_wp_attached_file'",$postid));
echo "<p>Thumb URL: {$get_thumb}</p>";
Again you can always log the SQL string generated by prepare() to ensure it matches your expectations. See https://codex.wordpress.org/Class_Reference/wpdb#Examples for more examples.
I think your syntax has some trouble, so here's your original query revised.
<?php
$get_thumb = $wpdb->get_var(
"
SELECT meta_value
FROM wp_postmeta
WHERE post_id = " . $postid . " AND meta_key = '_wp_attached_file'
"
);
echo "<p>Thumb URL: {$get_thumb}</p>";
?>
I made sure the PHP is echoing correctly inside the query - I am not sure if that's a problem you were having.
I do recommend the prepared query too. Here is it with what I think is correct syntax (I found it was helpful to prepare items by putting them in a $query_arg_array). See https://codex.wordpress.org/Class_Reference/wpdb.
$postid = get_the_ID();
$query_arg_array = [$postid];
$get_thumb = $wpdb->get_var($wpdb->prepare(
"
SELECT meta_value
FROM wp_postmeta
WHERE post_id = %d AND meta_key = '_wp_attached_file'
",
$query_arg_array
));
echo "<p>Thumb URL: {$get_thumb}</p>";
echo "<p>Thumb URL: {$get_thumb}</p>";
If that prepared query doesn't work, try putting $postid directly as the argument instead of the $query_arg_array.
Remember SQL is super sensitive so even an extra space can throw off your query.

prepared statement returns an empty array

I cannot use %s in my prepared statement.
echo $get_where; // returns: edited = 1
$get_uncontacted_members = $wpdb->get_results(
$wpdb->prepare("SELECT * FROM yc_customers WHERE %s", $get_where)
);
This code returns an empty array. But when I use $get_where instead of %s (see the code below), then it returns all the results from the database.
// This works
echo $get_where; // returns: edited = 1
$get_uncontacted_members = $wpdb->get_results(
$wpdb->prepare("SELECT * FROM yc_customers WHERE edited = 1", $get_where)
);
Why wouldn't it work with %s?
While WordPress uses the sprintf() syntax, it actually works like prepared statements. As such you can only pass the value of the column you are querying against, not entire column(s) and values.
$get_uncontacted_members = $wpdb->get_results(
$wpdb->prepare("SELECT * FROM yc_customers WHERE IFNULL(edited,'') = %s", 1)
);
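The same point runs through the first question (get_results() returns a list of rows, not a single row) and this one (placeholders stand for values, never for columns or whole clauses). The following is an added example, not code from any of the posts above; it assumes it runs inside WordPress so $wpdb exists, and the yc_customers / cf_form_entry_meta table and column names are taken from the questions and otherwise illustrative.

```php
<?php
// Added example, not code from any of the posts above. Assumes it runs inside
// WordPress (so $wpdb exists); the yc_customers / cf_form_entry_meta table names
// and column names are taken from the questions and are otherwise illustrative.

// %s / %d placeholders stand for VALUES only. Column names, table names and
// operators are never placeholders; keep them in an allow-list instead.
function yc_find_customers( array $filters ) {
    global $wpdb;

    $allowed = array( 'edited' => '%d', 'email' => '%s' ); // column => placeholder
    $where   = array();
    $values  = array();
    foreach ( $filters as $column => $value ) {
        if ( ! isset( $allowed[ $column ] ) ) {
            return new WP_Error( 'bad_filter', 'Unknown filter column: ' . $column );
        }
        $where[]  = '`' . $column . '` = ' . $allowed[ $column ]; // name from allow-list
        $values[] = $value;                                       // bound by prepare()
    }
    if ( empty( $where ) ) {
        return array();
    }

    $table = $wpdb->prefix . 'yc_customers'; // prefix comes from config, not from input
    $sql   = "SELECT * FROM `{$table}` WHERE " . implode( ' AND ', $where );

    // prepare() accepts a single array of arguments. get_results() returns a list
    // (possibly empty); ARRAY_A makes each row an associative array instead of stdClass.
    return $wpdb->get_results( $wpdb->prepare( $sql, $values ), ARRAY_A );
}

// A single scalar wants get_var(), not get_results()['meta_value'].
function yc_entry_post_id( $entry_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'cf_form_entry_meta';
    return $wpdb->get_var( $wpdb->prepare(
        "SELECT meta_value FROM `{$table}` WHERE entry_id = %d AND meta_key = 'ID'",
        $entry_id
    ) );
}

// With the default wp_ prefix, prepare() yields:
// SELECT * FROM `wp_yc_customers` WHERE `edited` = 1 AND `email` = 'a@example.com'
$rows = yc_find_customers( array( 'edited' => 1, 'email' => 'a@example.com' ) );
if ( is_wp_error( $rows ) ) {
    wp_die( $rows->get_error_message() );
}
$post_id = yc_entry_post_id( 42 ); // null when no row matches
```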

Foreach loop only outputting one value

I have a foreach loop that should add a row to the table "notifications"
$infoquery = "SELECT `user_id` FROM reply WHERE `post_id` = '" .$replyid. "'";
$identifier = mysqli_query($dbc, $infoquery);
$rows = mysqli_fetch_array($identifier);
foreach(array_unique($rows) as $row){
$core->addNotification($row['user_id'], $link, $description);
}
however it is only adding one value, when it should add two notifications, one for user 1 and one for user 3
You are fetching only one single row, it should be like this:
$infoquery = "SELECT `user_id` FROM reply WHERE `post_id` = '" .$replyid. "'";
$identifier = mysqli_query($dbc, $infoquery);
while($row = mysqli_fetch_array($identifier)){
$core->addNotification($row['user_id'], $link, $description);
}
Aside from tkausl's correct answer, your other problem is unique visitors: array_unique compares the string values of the items in the array.
Let's look at this:
var_dump(strval(array("bob")), strval(array("ed")));
Which outputs:
string(5) "Array"
string(5) "Array"
(and a whole load of errors).
So, as their string representation is the same, if you expect a multidimensional array array(array("user"=>"bob"),array("user"=>"ed")), you will be left with only one entry in there. Now, there's a whole lot of ways to work around that in PHP, but your database is better at it, use:
$infoquery = "SELECT DISTINCT `user_id` FROM reply WHERE `post_id` = '" .$replyid. "'";
(But do look into prepared statements instead of adding raw parameters / query building).
Alternatively if you have a small result set, you could use that result to get all the data at once and avoid using iteration to fetch the data by using $result->fetch_all according to the manual (see http://php.net/manual/en/mysqli-result.fetch-all.php), as follows:
<?php
$query = "SELECT `user_id` FROM reply WHERE `post_id` = '" .$replyid. "'";
$result = $dbc->query( $query );              // $dbc is the mysqli connection
$rows = $result->fetch_all( MYSQLI_ASSOC );   // every row at once (needs mysqlnd)
foreach ( $rows as $row ) {
$core->addNotification( $row['user_id'], $link, $description );
}

mySQL search not really working

Here is a mySQL query with the password and usernames deliberately blanked out. It is returning only one result, and is not returning any other information than today's date for that one result. No matter what search one tries, it is not functioning.
<?php
$proto = $_GET['p'];
$terms = $_GET['f'];
$return;
if($proto == 'inline'){
echo 'checking';
$username="*******";
$password="*******";
$database="*******";
$my_text = $_GET['f']; //what I'm searching for
$my_category = '8'; //whatever category number it is
mysql_connect(localhost,$username,$password) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());
$result = mysql_query("SELECT ID FROM wp_posts WHERE post_title LIKE '%$my_text%' ");
// select all posts that have your text
while ($row = mysql_fetch_array($result));
$postname = $row['post_name'];
$posttitle = $row['post_title'];
$postID = $row['ID'];
$date = date ( 'd-M-Y' , strtotime($row['post_date']) );
$return.= '
'.$posttitle.' ('.$postname.')<br /><span style="font-size:10px; color:#555;">'.get_the_time("d-M-Y", $postID).' - '.get_post_meta($postID, "status", true).'</span>
';
//while have posts
echo $return;
}
?>
In addition to the other information:
I might be missing it, but I don't see you encompassing anything in your while loop.
That would be why it's only getting one. You need to use braces { }
Your query does not select post_name, post_title, or post_date. You said SELECT ID FROM wp_posts, so it selected ID and nothing else, as instructed. Your date() call sort of works because strtotime() is returning false, so it uses today's date as a fallback.
This:
mysql_query("SELECT ID FROM wp_posts WHERE post_title LIKE '%$my_text%' ");
is very unsafe - my_text isn't escaped, and is taken from GET params, so it opens you to a SQL Injection attack. Escape it using mysql_real_escape_string, or, better yet, use parametrized queries in your code.
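Putting the three points above together (braces around the loop, selecting the columns you read, and binding the search term instead of interpolating it), here is an added example that is not the asker's or the answerers' code. It assumes $dbc is an open mysqli connection with mysqlnd (for get_result()) and that wp_posts has the columns read below; the 'f' request parameter is taken from the question.

```php
<?php
// Added example, not the asker's or the answerers' code. Assumes $dbc is an open
// mysqli connection (mysqlnd, for get_result()) and that wp_posts has the
// columns read below; the request parameter name 'f' is taken from the question.
function search_posts( mysqli $dbc, string $term, int $limit = 20 ): array {
    // LIKE has its own wildcards: escape %, _ and the escape char itself so a
    // user-supplied "%" matches a literal percent sign instead of everything.
    $pattern = '%' . addcslashes( $term, '%_\\' ) . '%';

    // Parameterised query: the search term is bound, never spliced into the SQL.
    // Select every column the output needs; "SELECT ID" alone yields no title or date.
    $sql  = 'SELECT ID, post_name, post_title, post_date FROM wp_posts '
          . 'WHERE post_title LIKE ? LIMIT ?';
    $stmt = $dbc->prepare( $sql );
    if ( $stmt === false ) {
        throw new RuntimeException( 'prepare failed: ' . $dbc->error );
    }
    $stmt->bind_param( 'si', $pattern, $limit );
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all( MYSQLI_ASSOC ); // all rows, as assoc arrays
    $stmt->close();
    return $rows;
}

// The loop body is wrapped in braces, and values are HTML-escaped on output.
function render_results( array $rows ): string {
    $out = '';
    foreach ( $rows as $row ) {
        $date = date( 'd-M-Y', strtotime( $row['post_date'] ) ); // real post date, not today
        $out .= htmlspecialchars( $row['post_title'], ENT_QUOTES, 'UTF-8' )
              . ' (' . htmlspecialchars( $row['post_name'], ENT_QUOTES, 'UTF-8' ) . ')'
              . '<br /><span style="font-size:10px; color:#555;">' . $date . '</span>';
    }
    return $out;
}

$term = isset( $_GET['f'] ) ? (string) $_GET['f'] : '';
if ( $term !== '' ) {
    echo render_results( search_posts( $dbc, $term ) );
}
```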