This question already has an answer here:
Fetching one row only with MySQLi
(1 answer)
Closed 7 years ago.
I've tried looking around and couldn't find an answer myself, so I'll post my problem instead, maybe it will help other people :)
I'm making a mysql query and getting an array out of it as it's supposed to do, but I want to take my first result out of this array and put that result in a variable instead so I can use it in my logic.
$conn = new mysqli($servername, $username, $password, $dbname);
$value_High = mysqli_query($conn, "SELECT MAX(picID) from pictures");
$id = mysqli_data_seek($value_High, 0);
var_dump($id);
I've tried some different things, I get a bool out of myqli_data_seek which is not what I want ofc, so I obviously need to use something else, I just don't know what.
$id = mysqli_fetch_row($value_High);
Related
This question already has answers here:
Why does this PDO statement silently fail?
(2 answers)
Closed 2 years ago.
I am trying to return information from my database, but all I get is an empty array when I know the database table is not empty.
This is my code
$pdo_dbconn = new PDO("pgsql:host=localhost;dbname=null;user=null;password=null")
or die ("Could not connect");
$sql = $pdo_dbconn->prepare("SELECT * FROM prsnl_codes;");
$sql->execute();
$array = $sql->fetchALL();
var_dump($array);
This is what the response is
array(0) {}
Can anyone tell me what is going on?
I solved the issue, and all the code up there was correct. The problem I was having was permission on the database, which I resolved.
This question already has an answer here:
How to preserve SQL data type when using mysqli non-prepared statements
(1 answer)
Closed 2 years ago.
Is there a my.cnf (or php.ini) option/settings which will tell php's mysqli extensions to either return the data with the correct data types (ie: int/float/string) or just string?
I ask because I have 2 instances of identical code (unmodified) on 2 different servers, both using php7 and mysql (mariaDB). However, it seems that one returns the query results as all strings while the other returns the query results with the correct data types.
Calls are along the lines of:
$driver = new mysqli_driver();
$driver->report_mode = MYSQLI_REPORT_STRICT | MYSQLI_REPORT_ERROR;
$mysqli - new mysqli('p:'. $host, $user, $pass, $name);
$mysqli->set_charset('utf8');
$query = "SELECT fieldInt, fieldString FROM mytable";
$result = $mysqli->query($query);
$dataSet = array();
while($row = $result->fetch_assoc()){
$dataSet[] = $row;
}
echo json_ecnode($dataSet);
Please note, i'm aware of the options(MYSQLI_OPT_INT_AND_FLOAT_NATIVE, 1); option and understand that it will likely fix the problem. What i'm wanting to know is if there are ANY OTHER settings/options which might affect the data type returned as I have 2 identical instances which are returning data in different types.
Not all SQL numeric types can be represented as PHP int or float types.
For example, how would you store an UNSIGNED INTEGER from SQL as a PHP int?
I don't know why two instances which are "identical" as you say are behaving differently. I suspect they aren't as identical as you think they are.
This question already has answers here:
How to change mysql to mysqli?
(12 answers)
Closed 2 years ago.
As mysql_real_escape_string is now deprecated, I have to change one function on the site that is using it. For the life of me, I can't figure out proper mysqli or pdo code to use. Maybe someone can guide me at the right direction. This is how it currently looks.
if (isset($_GET['btnSearch']) && !empty($_GET['txtSearch'])) {
$txtSearch = trim(mysql_real_escape_string($_GET['txtSearch']));
if (preg_match("/^(?i)BAW[0-9]+/", $txtSearch)) {
$pilot->pilot_num = strtoupper($txtSearch);
} else {
$pilot->name = $txtSearch;
}
}
Thank you all.
To replace mysql_real_escape_string with mysqli_real_escape_string you need to have an already opened connection to your DB like this:
$DBH = new mysqli($dbhost, $dbusername, $dbpasswd, $database_name);
then you can replace
mysql_real_escape_string($_GET['txtSearch'])
with
$DBH->real_escape_string($_GET['txtSearch'])
As it appears, I already have open connection and framework handles the query. All that needed is removal of
mysql_real_escape_string
This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 8 years ago.
So I am having this strange issue with PDO, in that queries with bound variables are not executing properly for some reason. Let me show some code:
$conn = new PDO("mysql:host=$db_host;dbname=$db_name", $db_user, $db_pwd);
$sth=$conn->prepare("select count(*) from article");
$sth->execute();
var_dump($sth->fetchColumn());
This will print out the correct number of entries in the table "article".
However, if we change it slightly, by making the table a named parameter instead of a constant:
$conn = new PDO("mysql:host=$db_host;dbname=$db_name", $db_user, $db_pwd);
$sth=$conn->prepare("select count(*) from :article");
$sth->execute(array(":article"=>"article"));
var_dump($sth->fetchColumn());
This will print a boolean false. Both statements should return the same result, but I have no idea why the second one is not working. I suspect I have a typo somewhere, but I checked several times, and I don't see any issue. Anyone have any idea?
Not possible. You're trying to use a placeholder for a tablename. This is not permitted. placeholders can only replace values.
SELECT count(*) FROM :table WHERE field=:article
^^^^^^--illegal ^^^^^^^^--legal
For this, you'll have to use old-fashion string building:
$table = "article";
$sth=$conn->prepare("select count(*) from $table");
which then re-opens the SQL injection attack vulnerability, because you're now directly inserting external data into an SQL string.
This question already has answers here:
mysql_fetch_array()/mysql_fetch_assoc()/mysql_fetch_row()/mysql_num_rows etc... expects parameter 1 to be resource
(31 answers)
Closed 9 years ago.
Ok, so I know the question about 'why am I getting this warning with mysql_fetch_array...' has been asked several times, my problem is all the accepted answers state that the reasons the server is spitting this warning out is because the query itself is incorrect...this is not the case with me.
Here is the code below:
$dbhost = "host";
$dbuser = "user";
$dbpass = "pass";
$dbname= "db";
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname) or die ('<META HTTP-EQUIV="Refresh" CONTENT="0;URL=Failed.php?dberror=1">');
$token = mysql_escape_string($_GET['token']);
$query = "SELECT * FROM newuser WHERE token='$token'";
$result = mysql_query($query) or die(mysql_error());
while($row=mysql_fetch_array($result)) {
do stuff...
}
Everything within the 'while' statement is being executed just fine - it makes some changes to the DB which I can validate is happening. More importantly, the query never spits out any error details. I've tried testing for cases where $result===false and asking for error info but it won't return anything then either. From what I can tell, the query string is fine and is not failing.
What am I doing wrong here? Could there any other reason why PHP doesn't like my While parameters other than the SQL statement is bad (which again, I'm convinced it's not bad)?
Also, I know I should be using mysqli/PDO....I plan to switch over to that in the near future, but I'm pulling my hair out just trying to make this work and I have no idea why it won't. It's more of a personal thing at this point...
Thanks for your help, and let me know if you need any additional info. (PHP Version 5.3)
Here is an echo of the query string ($query):
SELECT * FROM newuser WHERE token='6e194f2db1223015f404e92d35265a1b'
And here is a var_dump of the query results ($result): resource(3) of type (mysql result)
$query = "SELECT * FROM newuser WHERE token='$token'";
$result = mysql_query($query) or die(mysql_error());
while($row=mysql_fetch_array($result)) {
do stuff...
}
If the die statement is not executed, $result is OK when you enter the while loop. The problem then is probably that you use $result for a query inside the loop as well, eventually leading to it being set to false.
So for now i can say that the problem is not the mysql_escape_string nether the using of mysql at all neither access privilege from user name and password and what i want to tell you is to test the $result and if it is a resource proceed with your while block like this
if(is_resource($result))
{
while($row = mysql_fetch_array($result))
{//process your code here}
}
and tell me if the code has been also executed :)
The query is not correct according to mysql_. The error you're receiving is telling you that $result is boolean (false).
Where is $token coming from? You best stop using mysql_ functions and use a prepared statement and a bound parameter.
your escape is wrong try this
$token = mysql_real_escape_string($_GET['token']);
instead of $token = mysql_escape_string($_GET['token']);
This extension is deprecated as of PHP 5.5.0, and will be removed in the future.
http://php.net/manual/en/function.mysql-real-escape-string.php