Submitting MySQL queries - php

$com_emails=mysql_real_escape_string($_POST['com_email']);
//$E=mysql_query("SELECT users.user_id FROM users WHERE users.email = '".$com_emails."' LIMIT 1");
$E=mysql_query("SELECT users.user_id FROM users WHERE users.email = 'go1#go1.com' LIMIT 1");
$E_row = mysql_fetch_row($E);
echo $E_row[0];
When I use the $com_emails the query does not seem to work. If I manually add the e-mail it works just fine. I've also tried doing "'$com_emails'" but nothing seems to be working.
Is there a syntax issue I am missing that is obvious?

Are you seeing any errors relating to mysql extensions being deprecated? I assume that you have established your db connection prior to the call to mysql_real_escape_string? I'd suggest you try something like the following just to see what is going on:
#error_reporting( E_ALL );
$com_emails=$_POST['com_email'];
$sql="SELECT `user_id` FROM `users` WHERE `email` = '".$com_emails."' LIMIT 1";
echo $sql;
/* Uncomment below if the sql looks correct etc */
/*
$E=mysql_query( $sql );
$E_row = mysql_fetch_row($E);
echo $E_row[0];
*/

Related

PHP syntax error - SELECT WHERE

I am making an error with PHP SELECT WHERE code - which should be simple, but I have made no progress.
The code works with the SELECT FROM line, but not with the SELECT FROM WHERE line.
I have spent a few hours with no luck.
I have tried different syntax combinations with no progress.
$sql = "SELECT * FROM `customer_crm` WHERE `sales_agent` = '$username'";
//$sql = "SELECT * FROM `customer_crm`"; /* this works*/
Assuming that you set a default character encoding, you can use mysqli_real_escape_string to avoid SQL Injections. However, the comment to use a prepared statement is really the best advice here.
However, with mysqli_real_escape_string your SQL should work like that:
$sql = 'SELECT * FROM `customer_crm` WHERE `sales_agent` = "'.mysqli_real_escape_string($link,$username).'"';
You can even try this query
$sql = "SELECT * FROM customer_crm WHERE sales_agent = '".$username."'";

Query works in MySQL but I get 'Query was empty' in PHP

The code below is part of a simple password manager. I get an error saying the Query is empty yet the query works just fine in MySQL. (The 1 and the test value were originally variables I just changed them to values as part of my troubleshooting). I am also aware that the column names user and password may be problematic, but I added ` around them. What else could be wrong with that code?
$change_pass_query = "UPDATE `user` SET `password` = PASSWORD('test') WHERE id = 1";
$change_pass_result = mysql_query($change_pass_query) or die('Error. Change Password Query failed: '. mysql_error());
Try formatting your SQL like this:
UPDATE `user` SET `password` = 'test' WHERE `id` = 1
http://php.net/manual/en/function.mysql-query.php
Notice the warning at the top of that page. Nobody uses mysql_query or any plain mysql functions. Research mysqli/mysqli_query, and PDO.
Here's how you could do this with PDO:
$pdo = new PDO("mysql:host=localhost;dbname=mydb","username","password");
$stmt = $pdo->prepare("UPDATE `user` SET `password` = PASSWORD(:password) WHERE id = :id");
$result = $stmt->execute(array(':password' => "test",':id' => 1));
if (!$result) die('Error. Change Password Query failed: '. implode(' ', $stmt->errorInfo()));
Here's some documentation on PDO: http://php.net/manual/en/book.pdo.php
I ended up renaming all tables and fields so that I didn't use any reserved words, as I thought that the issue might be that. The problem still happened. I then copied my code to a different PHP box, et voila, the code works just fine. I'll have to put it down to an issue with the PHP version/installation on the older box and move on. There is nothing wrong with the code.

PHP : Error in SQL query

Hello, I have a question about an SQL query that keeps giving me an error.
Code:
$result = mysql_query("SELECT email FROM users WHERE user_id='$uid' and set emailchange=1");
The query keeps giving me an error.
Any help?
Try the following query:
$result = mysql_query("SELECT email FROM users WHERE user_id=$uid and emailchange=1");
You can also update after selecting the data:
$result = mysql_query("SELECT email FROM users WHERE user_id='$uid'");
if($result){
    $result2 = mysql_query("UPDATE users set emailchange=1 WHERE user_id='$uid'");
}
The error is caused by the set here:
and set emailchange=1
You can't select and update in the same SQL statement, you need to execute the update statement then write a select statement to grab the email - assuming that is what you mean to do so:
Update the field:
$result = mysql_query("UPDATE users set emailchange = 1 where user_id='$uid'");
select the data:
$result2 = mysql_query("select email from users where user_id='$uid'");
You really should escape $uid before passing it to the query and ideally you should be using PDO!
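The update-then-select sequence from the answer above, written with PDO and bound parameters as an added example (not code from the thread). It assumes an in-memory SQLite database in place of MySQL so it runs without a server; the function name flagAndFetchEmail and the sample rows are made up for the illustration.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so the script runs
// without a server; the users table layout and sample rows are constructed.
$pdo = new PDO('sqlite::memory:');
// Failures surface as PDOException, so no mysql_error()-style checks are needed.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT, emailchange INTEGER DEFAULT 0)');
$pdo->exec("INSERT INTO users (user_id, email) VALUES (1, 'a@example.test'), (2, 'b@example.test')");

/**
 * Set emailchange for one user, then read that user's e-mail back.
 * Returns null when the id is not an integer or no such user exists.
 */
function flagAndFetchEmail(PDO $pdo, string $rawUid): ?string
{
    // Reject anything that is not a plain integer before it reaches SQL.
    $uid = filter_var($rawUid, FILTER_VALIDATE_INT);
    if ($uid === false) {
        return null;
    }
    $pdo->beginTransaction();
    try {
        // Statement 1: the UPDATE, with the id bound as an integer.
        $update = $pdo->prepare('UPDATE users SET emailchange = 1 WHERE user_id = :uid');
        $update->bindValue(':uid', $uid, PDO::PARAM_INT);
        $update->execute();
        // Statement 2: the SELECT, again with a bound id.
        $select = $pdo->prepare('SELECT email FROM users WHERE user_id = :uid');
        $select->bindValue(':uid', $uid, PDO::PARAM_INT);
        $select->execute();
        $email = $select->fetchColumn();
        $pdo->commit();
        return $email === false ? null : $email;
    } catch (PDOException $e) {
        $pdo->rollBack();   // leave the flag untouched if either statement fails
        throw $e;
    }
}

var_dump(flagAndFetchEmail($pdo, '1'));             // valid id
var_dump(flagAndFetchEmail($pdo, "1' OR '1'='1"));  // constructed hostile value
// Count flagged rows to confirm only the one requested row changed.
var_dump((int) $pdo->query('SELECT COUNT(*) FROM users WHERE emailchange = 1')->fetchColumn());
```

For MySQL, only the DSN and credentials passed to the PDO constructor change.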

PHP error get value from database

I have php script like this
$query = "select * where userid = 'agusza' ";
$result = mysql_query($query) or die(mysql_error());
while($row=mysql_fetch_array($result)) {
echo $result;
}
When I execute it, the result is like this:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where userid = 'agusza'' at line 1
But when I run that sql in sqlserver, it runs well.
Does anybody have a solution?
$query = "select * from table_name where userid = 'agusza' ";
See the corrections I have made. You haven't used the right syntax for SELECT query
You didn't select a table using FROM. Without that, it does not know which table you are selecting data from.
You should also stop using mysql as it is deprecated. Use mysqli or PDO as they are safer.
You are also echoing the wrong variable in your while loop, try this:
while ($row = mysql_fetch_array($result)) {
echo $row['column_name'];
}
$query = "select * from table where userid = 'agusza'";
Right now, you're not telling which table SQL should look in.
You should format your query like so:
select * from `TableName` where userid='agusza'
In your query below you don't state the database table from which you should get that data using FROM:
$query = "select * where userid = 'agusza' "; // instead of this
$query = "select * FROM declaredtable where userid = 'agusza' "; // use this

mysqli query not working when variable inserted

I need an extra pair of eyes! I have a super-simple query:
$result = $mysqli->query("SELECT post_id FROM blog_posts WHERE post_uri = 'the-test-post' LIMIT 1");
$row = $result->fetch_array();
and this gives me the post_id. However, if I insert a variable for post_uri, the result is empty. Ways I tried of which none worked:
$result = $mysqli->query("SELECT post_id FROM blog_posts WHERE post_uri = '".$post_uri."' LIMIT 1");
$result = $mysqli->query("SELECT post_id FROM blog_posts WHERE post_uri = ".$post_uri." LIMIT 1");
$result = $mysqli->query("SELECT post_id FROM blog_posts WHERE post_uri = $post_uri LIMIT 1");
I have similar query on another page working just right, so that confuses me even more. Help appreciated.
You are slapping a variable directly into a query. This is error prone (as you are discovering) and has a high risk that you'll fail to sufficiently sanitise it (and thus cause an SQL injection vulnerability).
Use the PDO layer and bound variables.
If you put that query in a string and echo it, you can check what happens. There might be something wrong with that variable!
echo "SELECT post_id FROM blog_posts WHERE post_uri = '".$post_uri."' LIMIT 1";
And so on. I'll bet there's either nothing, or something you're not expecting in that $post_uri, because it shouldn't matter to mysql how you've built your query.
I had a similar problem. Your syntax looks fine. Try to use a simple version of the db connection call. Compared below are the version that worked (above) and the one that failed (below).
$sqli = new mysqli('localhost', 'my_user', 'my_password', 'my_db');
$mysqli->real_connect('localhost', 'my_user', 'my_password', 'my_db');
I had used a variable in my query and had a $mysqli->real_connect db connection. That would not work. But when I switched to the new mysqli type I was surprised that the variable query did work.
I hope that works out for you.
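One way to check what is really in $post_uri when the literal matches and the variable does not, as an added example that is not part of the thread. It assumes an in-memory SQLite database in place of MySQL; the helper names findPostId and describeValue, the row, and the received value are constructed for the illustration.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so the script runs
// without a server; the blog_posts row and the received value are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blog_posts (post_id INTEGER PRIMARY KEY, post_uri TEXT)');
$pdo->exec("INSERT INTO blog_posts (post_id, post_uri) VALUES (7, 'the-test-post')");

// Look the post up with the URI bound as a parameter, never interpolated.
function findPostId(PDO $pdo, string $postUri): ?int
{
    $stmt = $pdo->prepare('SELECT post_id FROM blog_posts WHERE post_uri = :uri LIMIT 1');
    $stmt->execute([':uri' => $postUri]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Render a value so that invisible bytes show up: its byte length, plus the
// text with control and non-ASCII bytes written as backslash escapes.
function describeValue(string $value): string
{
    return sprintf('len=%d text="%s"', strlen($value), addcslashes($value, "\0..\37\177..\377"));
}

// Constructed input: looks identical to the literal when echoed into HTML,
// but carries a trailing newline, so the equality comparison fails.
$received = "the-test-post\n";

echo describeValue('the-test-post'), PHP_EOL;   // the literal that works
echo describeValue($received), PHP_EOL;         // the variable that does not
var_dump(findPostId($pdo, $received));          // lookup with the raw value
var_dump(findPostId($pdo, trim($received)));    // lookup after normalising
```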
