SQL query syntax (variable stays empty) - php

I'm trying to output a simple list with all the usernames registered on a single e-mail address in our database. The SQL queries necessary for it shouldn't be too hard, but apparently they are too hard for me - here's my issue:
$sql = "SELECT emailaddress FROM ".db_prefix("accounts")." where acctid = '$mailid'";
$mailadress = db_query($sql);
That one's working just fine - I'm declaring mailid in an earlier part of the code, and with that query I can output the e-mail address (for debugging) of the currently logged in user without any problems. Fine so far.
$sql = "SELECT name FROM ".db_prefix("accounts")." where emailadress ='$mailadress'";
$charakterliste = db_query($sql);
Here's the issue: $charakterliste seems to stay empty, even though I'm pretty sure my syntax is correct. var_dump() and print_r() don't return anything that would point towards the array/variable containing something.
I've double checked and executed a similar query directly in the SQL database and found no problems there - all the fields I'm calling do exist, and the DB connection is fine too. I guess something is wrong in my syntax for the second SQL query? I'd want to list all the names saved in the $charakterliste afterwards with a foreach loop, but as of now there doesn't seem to be anything to list saved in there, although there should be.
Thanks in advance!

Are you sure the column 'emailadress' exists?
Maybe it's 'emailaddress' with two 'd'?
According to your first line of code it should be 'emailaddress'.
$sql = "SELECT name FROM ".db_prefix("accounts")." where emailaddress ='$mailadress'";
$charakterliste = db_query($sql);

Related

Syntax for UPDATE of a record in MYSQL

Is the following update query a legal statement? It replaces the existing value with an empty value instead of the word gossamer. It does not fail as far as I can tell. It changes the value in the database from whatever it was before to empty.
$sqld = "UPDATE mynotes SET notes = 'GOSSAMER' WHERE id = '2039'";
$resupdate = mysql_query($sqld) or die(mysql_error());
if ($resupdate) {
$success=1;
$message .="success with update";
}
The query is part of an API and it returns a result in JSON. While this makes debugging more time consuming, this should be beside the point. If the above is an entirely legal update statement, then at least I can rule out a syntax issue and search for the problem elsewhere.
I have verified that the above code does work in a standalone php file. Something else in code is causing the issue.
Yes, mysql is deprecated in favor of mysqli and PDO. But upgrading legacy site is not in job scope.
It replaces the existing value with an empty value instead of the word gossamer
Assuming this statement is accurate then either:
1) the attribute 'notes' is of type ENUM whose values do not include 'Gossamer'. But you didn't share the DDL for the table.
2) Your code is not executing the query you've shown us here - the query it is executing should be in your MySQL logs

PDO not binding placeholders

I am trying to change my log in script from mysql to PDO.
For the rest of my script all seems to be going well apart from this part and I simply can't see why.
I have the below code
...
$pasword=md5($_POST['password']);
$email=$_POST['email'];
....
$query ="SELECT id FROM guests WHERE email=':eml' AND password =':pwd' AND lead_guest=17";
// $param2=array(':eml'=>$email,':pwd'=>$pasword);
$state=$dbh->prepare($query);
$state->bindParam(':eml',$email);
$state->bindParam(':pwd',$pasword);
$state->execute();
In its current state it will return a row count of 0 (which it should not). I have also tried
//$state->bindParam(':eml',$email);
//$state->bindParam(':pwd',$pasword);
$state->execute($param2);
which also returns a row count of 0.
The variables $email and $pasword are correct when I echo them out, and the script works perfectly using mysql_ functions.
The $dbh variable is created in a header and with a $query ="select id where 1" it works as expected.
I am sure (although I could be wrong) that I have the problem narrowed down to the state->bindParam() part of the script. I am completely lost as to why this part of the script is not working; any advice warmly welcome.
Remove single quotes ' :
SELECT id FROM guests WHERE email=:eml AND password =:pwd
Your query will be
$query ="SELECT id FROM guests WHERE email=:eml AND password =:pwd AND lead_guest=17";
No single quotes around :eml and :pwd.
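The difference between the quoted and unquoted forms, as an added example that is not part of the original question or answer. It assumes the pdo_sqlite driver with an in-memory database in place of MySQL; the table rows and the helper `matchingIds` are constructed for illustration.

```php
<?php
// Added example, not the poster's code. The guests rows are constructed sample
// data; in-memory SQLite (pdo_sqlite) stands in for the MySQL server.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("CREATE TABLE guests (id INTEGER PRIMARY KEY, email TEXT, password TEXT, lead_guest INTEGER)");
$dbh->exec("INSERT INTO guests (email, password, lead_guest) VALUES ('guest@example.test', 'stored-hash', 17)");
// Constructed row whose columns hold the literal text ':eml' and ':pwd'.
$dbh->exec("INSERT INTO guests (email, password, lead_guest) VALUES (':eml', ':pwd', 17)");

// Hypothetical helper: run one query and return the matching ids, or the
// driver's error text if it refuses the bound values.
function matchingIds(PDO $dbh, string $sql, array $params): array
{
    try {
        $state = $dbh->prepare($sql);
        $state->execute($params);
        return $state->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        return ['error: ' . $e->getMessage()];
    }
}

$quoted   = "SELECT id FROM guests WHERE email=':eml' AND password=':pwd' AND lead_guest=17";
$unquoted = "SELECT id FROM guests WHERE email=:eml AND password=:pwd AND lead_guest=17";
$params   = [':eml' => 'guest@example.test', ':pwd' => 'stored-hash'];

// Quoted, nothing bound: the statement has no placeholders at all, so it
// compares the columns with the strings ':eml' and ':pwd'.
echo "quoted, no params:   ", json_encode(matchingIds($dbh, $quoted, [])), "\n";
// Quoted, values bound: there is nothing for the values to attach to, so the
// real guest is never matched (some drivers report an error instead).
echo "quoted, with params: ", json_encode(matchingIds($dbh, $quoted, $params)), "\n";
// Unquoted: :eml and :pwd are real placeholders and receive the bound values.
echo "unquoted, bound:     ", json_encode(matchingIds($dbh, $unquoted, $params)), "\n";
```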

mysql_query update doesn't update

mysql_query running an UPDATE query isn't working for me, what am I doing wrong?
if($get_ip['user_ip']== ''){
$insert_ip = mysql_query("UPDATE user SET user_ip='$user_ip' WHERE username='$username' AND password='$password'");
if(!$insert_ip){
$message = 'invalid query'.mysql_error();
die($message);
}else{
echo ('success!');
};
};
Basically I am trying to update the table user at user_ip row with value ip_user, if user_ip field is empty of course.
So nothing is updating and the user_ip field remains empty, please help.
There are two things I can see on your script.
You are using the if($get_ip['user_ip']== '') statement, which will insert data only when $get_ip['user_ip'] is empty, and will skip the insert when $get_ip['user_ip'] has some data.
You are using SET user_ip='$user_ip' on update query, I may not be correct, however I assume that you are trying to store data from $get_ip['user_ip'], if this is the situation use SET user_ip='$get_ip['user_ip']' instead of SET user_ip='$user_ip' on your insert query.
if($get_ip['user_ip']== '')
won't work except if $get_ip['user_ip'] is empty.
use
if(!empty($get_ip['user_ip']))
instead
There are just soooo many things wrong here, but in the interest of being helpful:
Assign the query string to a variable rather than directly injecting it into the mysql_query function. Then, echo this string out. This will show you what you are sending to the database. Copy that output somewhere, and then log into whatever you use to manage your database (I assume it'll be phpMyAdmin). Open up your database and then the table you're targeting, and then use the query editor to run your query (paste the output you copied earlier).
If your query string isn't what you expected, you have a code error.
If your query is as you expected, and runs in the database tool, you likely have a permissions issue with the user account you're using in your connection string.
If your query is as expected, but doesn't run correctly in your database tool, your problem most likely is a schema error.

What am I doing wrong with inserting?

I tried both
$query = "INSERT INTO reservation VALUES ('".$hour."','".$minute."','".$day."','".$month."','".$year."','".$name."','".$table."')";
$query = "INSERT INTO reservation VALUES ('$hour','$minute','$day','$month','$year','$name','$table')";
But none of them work, I get a blank page, and no errors in my error logs. I tried doing echo to all the variables and I got their values.
Here is the overall function:
function makeReservation($trtime,$hour,$minute,$day,$month,$year,$name,$table,&$db)
{
//$query = "INSERT INTO reservation VALUES ('".$hour."','".$minute."','".$day."','".$month."','".$year."','".$name."','".$table."')";
$query = "INSERT INTO reservation VALUES ('$hour','$minute','$day','$month','$year','$name','$table')";
$result = $db->query($query) or die(mysql_error());
}
I'll make a few suggestions. First, I'll assume that you actually know what you're doing when you say there is no error.
1) Make sure you work on the good database. You can do a SHOW TABLES query to see what tables it contains, or a SELECT * FROM reservation to see its content.
2) Right after you insert the row, do a SELECT * FROM reservation query and check if your row is there.
3) Make sure you call your function...
Then, as I said in comments, you should use the DATETIME type instead of using different columns for hours, minutes, etc. If you need to select a particular attribute, use the appropriate function (for example, SELECT HOUR(your_column))
The quotes around integers shouldn't make your query fail, but it's still better for clean code purposes to remove them if not necessary (and make sure you escape your data correctly, of course).
The php you posted looks fine.
If you're getting a blank page, it's likely that something is failing before the function calls. Maybe a parsing error?
If you're not seeing anything in the error logs, try changing your error logging settings in the php.ini.
display_errors = E_ALL
If you're on shared hosting, you can often override using .htaccess http://davidwalsh.name/php-values-htaccess

PHP MySql Select statement not working... Any advice?

[UPDATED] with new code "sql_real_escape_string()"
[UPDATED] if anyone wants to look at the site it's at Test site
[UPDATED] with the while code showing any results via echo
Hello All,
I have looked at many posts on this matter, but simply cannot understand why the following code doesn't work:
$username = $_POST['username'];
// get the record of the user, by looking up username in the database.
$query = sprintf("SELECT UserName, Password FROM userlogin WHERE UserName='%s'", mysql_real_escape_string($username));
$result = mysqli_query($dbc, $query) or
die ("Error Querying Database for: " . $query .
"<br />Error Details: " . mysql_error() . "<br/>" . $result);
while ($row = mysqli_fetch_assoc($result))
{
Echo($row['UserName']);
}
The Code seems to be correct... the database is working perfectly (for input purposes) and the connection is a shared connection applied with require_once('databaseconnection.php'); that is working for the registration side of things.
Like normal I'm sure this is something simple that I have overlooked but cannot for the life of me see it!
I do not get any error messages from the mysql_error(); it's simply blank.
Any help would be much appreciated.
Regards
Check the username you try to query as it might be empty. Do you really use a post-request to run that script? How do you verify that it does not work? What do you do with $data after the query?
If just nothing seems to happen it is likely your query did not match any record. Check for whitespace and case of the username you are looking for.
Mind those warnings:
Use a prepared statement or at least sql-escape any user-input before using it in sql.
Don't use die in serious code only for debugging.
The $data will contain a result object. You need to iterate over it using something like mysqli_fetch_assoc($data).
Also, you can interpolate variables directly into double quoted strings - i.e. UserName='".$username."'" could be written more cleanly as UserName='$username' rather than breaking out of the string.
Also, please sanitize your input - all input is evil - using mysqli_real_escape_string() function. You've got a SQL injection exploit waiting to happen here.
Bear in mind that it's a very good idea to validate all data to be inserted into a database.
Very often you have problems with query itself, not implementation. Try it in phpMyAdmin first and see if there are any problems.
Check server logs.
BY THE WAY: Never put variables from POST to query! That's definitely a SQL injection.
You might have some issue with the query.
Have you tried to echo the $query and run that directly with mysql client or workbench?
This piece of code seems ok. That is, if $dbc contains an actual database connection. But the choice of naming that variable $data while the function actually returns a result object or a boolean, indicates that you may process the data wrong.
If that is not the problem, we'll definitely have to see more code.
Try printing $data variable instead of printing only query. Check, whether you are able to get any error messages. If you could see any data then you should use mysql fetch function to iterate things. Try it.
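The prepared-statement advice given in the answers above, shown next to the interpolated query, as an added example that is not code from the thread. It assumes pdo_sqlite with an in-memory database in place of the poster's MySQL server; the userlogin rows, the sample inputs and the function names `findInterpolated` and `findBound` are constructed for illustration.

```php
<?php
// Added example, not code from the thread. The userlogin rows are constructed
// sample data and SQLite in memory stands in for the poster's MySQL database.
$dbc = new PDO('sqlite::memory:');
$dbc->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbc->exec("CREATE TABLE userlogin (UserName TEXT, Password TEXT)");
$dbc->exec("INSERT INTO userlogin VALUES ('alice', 'hash-1'), ('bob', 'hash-2'), ('O''Brien', 'hash-3')");

// Pattern from the thread: the submitted value becomes part of the SQL text.
function findInterpolated(PDO $dbc, string $username): array
{
    $query = "SELECT UserName FROM userlogin WHERE UserName='$username'";
    try {
        return $dbc->query($query)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        return ['query failed: ' . $e->getMessage()];
    }
}

// Prepared statement: the SQL text is fixed and the value is sent separately,
// so quotes inside the value are compared as data, never parsed as SQL.
function findBound(PDO $dbc, string $username): array
{
    $stmt = $dbc->prepare("SELECT UserName FROM userlogin WHERE UserName = :name");
    $stmt->execute([':name' => $username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a plain name, a legitimate name containing a quote,
// and a value that closes the string literal and adds its own condition.
$inputs = ["alice", "O'Brien", "' OR '1'='1"];
foreach ($inputs as $input) {
    printf(
        "%-14s interpolated=%s  bound=%s\n",
        $input,
        json_encode(findInterpolated($dbc, $input)),
        json_encode(findBound($dbc, $input))
    );
}
```

With the bound version the second input finds its own row and the third finds nothing, while the interpolated version breaks on the second and stops filtering by name on the third.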
