I have been trying to write the the select statement to fetch from the products table using the combination of the companyid and customerid, I am very sure I'm not doing it the right way, kindly help me to write the right sql to fetch using these parameters.
$customerid=$_SESSION['customersid'];
$companyid=$_SESSION['companyid'];
$test="SELECT producttype,quantity FROM product WHERE username= '" . mysql_real_escape_string($customerid) . "'" . 'AND'.mysql_real_escape_string($companyid) . "'" ;
You must put the fieldname for the companyid in the query
$test="SELECT producttype,quantity FROM product WHERE username= '" . mysql_real_escape_string($customerid) . "'" . 'AND COMPANYID_FIELDNAME ='.mysql_real_escape_string($companyid) . "'" ;
your syntax is incorrect. Try the following:
$customerid = mysql_real_escape_string($_SESSION['customersid']);
$companyid = mysql_real_escape_string($_SESSION['companyid']);
$test = "
SELECT producttype,quantity
FROM product
WHERE username='$customerid'
AND company='$companyid'
";
Btw, you should be using mysqli and not mysql since it is deprecated.
Related
I am using codeigniter to build an app and I am really far in the code.
I have a table with column headers id, page, user and like. Now the problem is, in the mysql query, I realised I cant use the word like for the column name as its a sql keyword I belive.
I can't change the column name from like to something else because it would mean changing 100s of lines of php code.
Is there something that i can do to overcome the clash of the world like?
here is what I mean
$like_variable = 100;
$query = $this->db->query("SELECT * FROM `table_name`
WHERE id ='" . $qry . "' AND
page = '" . $_SESSION['p_id'] . "' AND
user_id = '" . $_SESSION['user_id'] . "' AND
like = '" . $like_variable . "'
");
// i think i cant use the world like above but I cant change the column header
Any solutions would be much appreciated thanks in advance
In SQL, you can use keywords as column names. Wrap them in ``.
SELECT * from `table_name` WHERE `like` = 100
Change like to:
`like`
Result:
$like_variable = 100;
$query = $this->db->query("SELECT * FROM `table_name`
WHERE id ='" . $qry . "' AND
page = '" . $_SESSION['p_id'] . "' AND
user_id = '" . $_SESSION['user_id'] . "' AND
`like` = '" . $like_variable . "'
");
I am using these two MySQL statements to get all messages between two users, but I am running into a pretty big problem when it comes to manipulating the data later in the code since it's not in order by ID. Is there any way to combine these statements AND order the results by ID?
$sql = "SELECT * FROM messages WHERE sender='" . $username . "' AND receiver='" . $chatPartner . "'"
$sqlTwo = "SELECT * FROM messages WHERE sender='" . $chatPartner . "' AND receiver='" . $username . "'"
Essentially, I need every occurrence of a message between two people, but sorted by ID. As of right now, I am joining the arrays to get my full list, but it's not in order by ID.
SELECT * FROM messages
WHERE (sender='" . $username . "' AND receiver='" . $chatPartner . "'")
OR (sender='" . $chatPartner . "' AND receiver='" . $username . "'")
ORDER BY id DESC
How about just combine both into 1 query ?
$sql = "SELECT * FROM messages WHERE (sender=" . $username . " OR sender =". $chatPartner .") AND (receiver=" . $chatPartner . " OR receiver=" . $username .") ORDER BY id"
You could also write a shorter version of #dtj's answer using row constructors.
SELECT *
FROM messages
WHERE (sender, receiver) IN (($username, $chatPartner),($chatPartner, $username))
ORDER BY id DESC
In my opinion it looks a bit nicer in code and makes it more readable, but remember that it doesn't improve performance of execution.
guys i have a large database so when i want to fully update my some column i have timeout error (i attempt some method to increase timeout and fail) But my question is i want to bypass this problem i want to update my empty column in some table. so i want to use this query code but i have blank page with no error can some one tell me what problem with that or if possible pleas tell me a good method.
$sql = 'SELECT topic_first_poster_avatar FROM ' . TOPICS_TABLE . ' WHERE topic_poster = ' . (int) $row['user_id'] . 'IF topic_first_poster_avatar = ""
SET topic_first_poster_avatar = \'' . $db->sql_escape($avatar_info);
$db->sql_query($sql);
As plalx said in the comments, you don't need a SELECT or IF, you can specify WHERE for the update statement and have multiple contraints with AND/OR.
$sql = "UPDATE ". TOPICS_TABLE ."
SET topic_first_poster_avatar = '" . $db->sql_escape($avatar_info) ."'
WHERE topic_poster = " . (int) $row['user_id'] . " AND topic_first_poster_avatar = ''";
I am learning how.. but failing....
When I run this query I get all the products for the product type entered.
$productchk = "SELECT products"
. " from products"
. " WHERE active = '0' and product_type = '" . [v_product_type] . "'";
but I need to add the following:
order by product Limit 1
to the query and I have tried . " I keep getting syntax errors.
I thought that by adding it before the "."; on the end of statement would work but it doesnt..
Any thoughts?
Also.. what would you look up on the internet to learn about creating statements like this?
The last ' closes the value of product_type, so if you insert stuff there, it gets interpreted as part of that value. Append after "'" but before the closing ";".
Effectively:
$productchk = "SELECT products"
. " from products"
. " WHERE active = '0' and product_type = '" . [v_product_type] . "'"
. " order by product Limit 1";
Also, please use stored procedures and prepared statements! It's 1. faster, 2. much safer, 3. less escaping
$productchk = "SELECT products"
. " FROM products"
. " WHERE active = '0' AND product_type = '" . $v_product_type . "'"
. " ORDER BY product LIMIT 1";
I am trying to use the result of one mysql query in another mysql query, but I'm obviously doing something wrong. This is what I have:
<?php
$result = mysql_query('SELECT panel_product_no
FROM panelProduct
WHERE length_mm = "' . ($_POST["p_length_mm"]) . '"
AND width_mm = "' . ($_POST["p_width_mm"]) . '"
AND veneer_type = "' . ($_POST["p_veneer"]) . '"
AND lipping = "' . ($_POST["p_lipping"]) . '"');
$panel = mysql_fetch_array($result);
?>
And then I want to use that in this bit:
<?php
if(!empty($_POST[p_length_mm]) && !empty($_POST[p_width_mm]) && !empty($_POST[p_aperture]))
{
$sql3="INSERT INTO estimateDescribesPanelProduct (estimate_no, panel_product_no, quantity)
VALUES ('$_GET[estimate_no]','$panel','$_POST[p_quantity]')";
if (!mysql_query($sql3,$con))
{
die('Error: ' . mysql_error());
}
}
?>
The query is basically working in that it is inserting the posted estimate_no and quantity into the DB, but not the correct panel_product_no (it just inserts '0'). How can I get it to insert the $result value?
P.S. I know that I should not be using mysql functions and I will not be in future, however I am so nearly finished with this project that at this point I am not in a position change.
Your are basicly copying content from one table to another.
Wy not use the MySQL INSERT .. SELECT syntax?
as #Dmitry Makovetskiyd wrote, mysql_fetch_array() returns a resource, not manipulatable results.
For example:
$result = mysql_query('SELECT panel_product_no
FROM panelProduct
WHERE length_mm = "' . ($_POST["p_length_mm"]) . '"
AND width_mm = "' . ($_POST["p_width_mm"]) . '"
AND veneer_type = "' . ($_POST["p_veneer"]) . '"
AND lipping = "' . ($_POST["p_lipping"]) . '"');
$resource = mysql_fetch_object($result);
You need to add in:
$panel = $resource->'panel_product_no';
You can then continue with your second query.
Note the change from mysql_fetch_array() to mysql_fetch_object() - as your query suggests you are only retrieving a singular value from the table (assuming there is only a singular panel with the specified length, width, veneer type and lipping), the object method will work fine.