<?php
if (!isset($_POST['submitted'])) {//1
// Checs for the ID
if (isset($_GET['id']) && is_numeric($_GET['id'])) {//2
// MySQL Connect
require_once('mysql_connect.php');
$id = mysql_real_escape_string($_GET['id']);
$query = "SELECT id, name FROM websites WHERE id = $id";
$result = mysql_query($query) OR die (mysql_error());
$row = mysql_fetch_array($result, MYSQL_ASSOC);
?>
// ROW WITH THE ERROR
<?php echo $row['name']; ?></strong><br /><?php echo $row['banner']; ?><? echo $row['description'];?>
<?php
} else {
echo '<font color="red">You have to select a server to view</font>';
die();
}
} else {
// MySQL Connect
require_once('mysql_connect.php');
$id = mysql_real_escape_string($_POST['id']);
// Choose the web for votes
$query = "SELECT id, votes FROM websites WHERE id = $id";
$result = mysql_query($query) OR die(mysql_error());
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$votes = $row['votes'];
$url = $row['url'];
$id = $row['id'];
$banner = $row['banner'];
$result = mysql_query($query) OR die(mysql_error());
} // end
?>
All that is printing is the Name, the rest is not being printed.
I'm just wondering where i'm going wrong?
Its supposed to print the Name, Banner, and description from $id.
You never actually select banner and description in your query so they are not available in your resultset.
$query = "SELECT id, name, banner, description FROM websites WHERE id = $id";
You need to specify ALL desired fields that you wish to retrieve in your SQL query:
$query = "SELECT id, name, banner, description FROM websites WHERE id = $id";
Alternatively, use SELECT * FROM websites to retrieve all available rows.
Related
I have two databases and i have one table "TabelaX" in database "Servidor1" with out data and other database "Servidor2" with one table "TabelaY". And i want do one select in table "TabelaY" and with her data do one Update in table "TabelaX" which is in another database. I already made some code but it is not working correctly.
<?php
$conn= mysqli_connect('localhost','root',null,'Servidor2') or die
(mysqli_connect_error());
if (!$conn) {
die("Falha de conexao: ". mysqli_connect_error());
}
$ID = $_POST['ID'];
$sql = "SELECT * FROM TabelaY WHERE ID = $ID";
$result = mysqli_query($conn, $sql);
mysqli_select_db($conn,"Servidor1");
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_assoc($result)) {
$row1 = $row["ID"];
$row2 = $row["Data"];
}
} else {
echo "0 results";
}
$sql = "INSERT INTO Servidor1.TabelaX (ID, Data)
SELECT ID, Data
FROM Servidor3.TabelaW
WHERE ID = $ID;";
$sql = "UPDATE Servidor1.TabelaX SELECT ID, Data FROM
Servidor3.TabelaW SET Data = $row2 WHERE $row1 = $ID;";
if (mysqli_multi_query($conn, $sql)) {
echo "Dados Inseridos";
} if (mysqli_multi_query($conn, $sql)) {
echo "Dados Atualizados";
}
mysqli_close($conn);
I have no idea what your query is trying to do, because you assign to $sql twice without ever executing the first query, but if you're asking how to update a row in tableX based on data from tableY, then:
UPDATE Servidor1.TabelaX as x, Servidor2.TabelaY as y
SET x.Data = y.Data
WHERE x.id = y.id
AND x.id = $someIdForWhichYouWantToUpdate
Also, do not do this:
$ID = $_POST['ID'];
$sql = "SELECT * FROM TabelaY WHERE ID = $ID";
Imagine what happens when the user posts 1; DROP DATABASE Servidor1 into the form. This is called SQL injection and your code is full of vulnerabilities to it.
I try to print the username in members panel.
That means when the member login, I will print to him, for example, "Welcome MEMBER'S NAME".
The problem is, when I use this script to print the member name, it print to me all members from my database:
<?php
$id = #$_GET['id'];
$name = #$_GET['name'];
$select = "SELECT * FROM tblname WHERE id='$id'";
$run = mysqli_query($connect,$select);
while($row = mysqli_fetch_array($run)){
echo $row['name'];
}
?>
Can anyone help?
You should sanitize the $_GET as mysql_real_escape_string($_GET['id']); and instead of looping through the record resource you can use
$select = "SELECT * FROM tblname WHERE id='$id'";
$run = mysqli_query($connect,$select);
$row = mysqli_fetch_array($run);
echo $row['name'];
I'm trying to set up a simple comment system and I want to create the correlation between the comment and the page landed.... so when a user arrives at blog.php?id=3 they would be presented the correct comments.
What I'm doing is creating the comments table with a pageid column. The pageid column will be filled when a user posts to the page. Maybe a hidden form field? How do I make this correlation within my MYSQLI
This is what I was thinking...
<?php
include_once("includes/check_login_status.php");
?>
<?php
// Check to see the URL variable is set and that it exists in the database
if (isset($_GET['id'])) {
// Connect to the MySQL database
include "includes/db_conx.php";
$id = preg_replace('#[^0-9]#i', '', $_GET['id']); // filter everything but numbers
// Use this var to check to see if this ID exists, if yes then get the product
// details, if no then exit this script and give message why
$sql = "UPDATE content SET views=views+1 WHERE ID=$id";
$update = mysqli_query($db_conx,$sql);
$sql = "SELECT * FROM content WHERE id=$id LIMIT 1";
$result = mysqli_query($db_conx,$sql);
$productCount = mysqli_num_rows($result);
if ($productCount > 0) {
// get all the product details
while($row = mysqli_fetch_array($result)){
$article_title = $row["article_title"];
$category = $row["category"];
$readmore = $row["readmore"];
$author = $row["author"];
$date_added = $row["date_added"];
$article_content = $row["content"];
}
} else {
echo "That item does not exist.";
exit();
}
} else {
echo "Data to render this page is missing.";
exit();
}
?>
<?php
include_once "includes/db_conx.php";
$sql = "SELECT * FROM comment WHERE pageid ="$id"ORDER BY id DESC";
$sql_comments = mysqli_query($db_conx,$sql);
while($row = mysqli_fetch_array($sql_comments)){
$name = $row["name"];
$comment = $row["comment"];
$commentlist .= 'name : '.$name.'<br />comment : '.$comment.'<hr>';
}
//////////////
?>
Is the lower half in scope of the get variable? So that I can determine what page we're on? Can this type of variable be passed thorugh a variable in the comment form?
The 3rd sql statement contains an error:
$sql = "SELECT * FROM comment WHERE pageid ="$id"ORDER BY id DESC";
to
$sql = "SELECT * FROM comment WHERE pageid =".$id."ORDER BY id DESC";
You might also want to change the pre_replace statement to intval:
$id = preg_replace('#[^0-9]#i', '', $_GET['id']);
to
$id = intval($_GET['id']);
The reason being if $_GET['id'] = 'ABC123' then preg_replace will return 123 whereas the intval will return 0.
I have used urldecode to receive a member ID from a previous site. The correct ID is being displayed in the URL but I can't fetch information from the database.
<?php
$id = urldecode(trim($_GET['memberID']));
$query = "SELECT * FROM members WHERE memberID = '".$id."'";
if ($result = $db->query($query)) {
while ($row = $result->fetch_assoc()){
printf("%s (%s)\n", $row["memberID"], $row['name']);
}
}
?>
All I get is a blank screen.
change mysql.error() to mysql_error()
$query = "SELECT * FROM members WHERE memberID = '".$id."'";
I'm trying to get a single result from my database, just one name.
I tried using;
$row = mysql_fetch_array(mysql_query("SELECT * FROM persons WHERE id = '$id'"));
echo $row['name'];
But that din't work, any other way to simply show only one result?
Thanks in advance!
[EDIT:]
(I'm using PHP 5.3)
<?php
include("connection.php");
$id = $_GET['deletid'];
$result = mysql_query("SELECT * FROM persons WHERE id = '$id' LIMIT 1");
if(!$result){
echo mysql_error();
}
if ($row = mysql_fetch_array($result)){
echo $row['name'];
}
echo "<p>id:$id</p>";
?>
If you need just the name and you need just one result you should rewrite your query as follow:
$row = mysql_fetch_array(mysql_query("SELECT name FROM persons WHERE id = '". (int) $id ."' LIMIT 1"));
Now to get the result you should just get it with a
$row['name'];
EDIT
Now that you posted your entire code i got what's wrong: You are deleting that result before getting its name. Basically you delete that user and then you attempt to get its name.
EDIT
<?php
include("connection.php");
if (empty($_GET['deleteid'])) {
exit('"deleteid" is empty');
}
$id = mysql_real_escape_string($_GET['deletid']);
$result = mysql_query("SELECT name FROM persons WHERE id = '". (int) $id ."' LIMIT 1");
if(!$result){
echo mysql_error();
}
$row = mysql_fetch_assoc($result); // for just one result you don't need of any loop
echo $row['name'];
echo "<p>id:". htmlspecialchars($id) ."</p>";
?>
try
$row = mysql_fetch_array(mysql_query("SELECT name FROM persons WHERE id = ". (int) $id));
echo $row['name'];