Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I am trying to unlink() an image from a folder while it's corresponding deleting row from database. Deleting the row from the db works great but I can't get the unlink to work.
I googled for 2 hours and tried a lot of thing but it's still not working, I think I have some small glitch but I can't figure it out.
Can you suggest what to try.
<?php
$pdo = connect();
if (isset($_GET['delete'])) {
$delete_id = $_GET['delete'];
$img = "SELECT slika FROM filmovi WHERE id = $delete_id";
$q = $pdo->prepare($img);
$q->execute();
$row = $q->fetchAll();
$sql = "DELETE FROM filmovi WHERE id = :filmID";
$query = $pdo->prepare($sql);
$query->bindParam(':filmID', $delete_id, PDO::PARAM_INT);
$query->execute();
$image = $row['slika'];
unlink("assets/img/movies/.'$image");
header("Location: index.php?movies");
die();
}
unlink("assets/img/movies/.'$image");
So say $image contains "image.jpg". The path you've constructed is
assets/img/movies/.'image.jpg
What you most likely want is
unlink("assets/img/movies/". $image);
One comment helped me but he deleted it. I removed FetchAll and left only Fetch.
It works now without any errors.
This is the code:
<?php
$pdo = connect();
if (isset($_GET['delete'])) {
$delete_id = $_GET['delete'];
$img = "SELECT * FROM filmovi WHERE id = $delete_id";
$q = $pdo->prepare($img);
$q->execute();
$row = $q->fetch();
$sql = "DELETE FROM filmovi WHERE id = :filmID";
$query = $pdo->prepare($sql);
$query->bindParam(':filmID', $delete_id, PDO::PARAM_INT);
$query->execute();
$image = $row['slika'];
unlink("assets/img/movies/$image");
header("Location: index.php?movies");
die();
}
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 4 years ago.
Improve this question
I'm trying to insert form value data to Oracle database But I get this error ... please help ... ?
if(isset($_POST['submit'])){
$id = $_POST['id'];
$username = $_POST['username'];
$password = $_POST['password'];
$nameen = $_POST['nameen'];
$namear = $_POST['namear'];
echo $sql = "INSERT INTO TESTTABLE (ID,USERNAME,PASSWORD,NAMEEN,NAMEEN) VALUES (:id,:username,:password,:nameen,:namear)";
$compiled = oci_parse($conn, $sql);
oci_bind_by_name($compiled, ':id', $id);
oci_bind_by_name($compiled, ':username', $username);
oci_bind_by_name($compiled, ':password', $password);
oci_bind_by_name($compiled, ':nameen', $nameen);
oci_bind_by_name($compiled, ':namear', $namear);
oci_execute($compiled);
if (! oci_execute($compiled)) {
var_dump(oci_error());
} }
You have twice the same field, called « NAMEEN », in your INSERT statement :
INSERT INTO TESTTABLE
(ID,USERNAME,PASSWORD,NAMEEN,NAMEEN) VALUES ...
You want :
INSERT INTO TESTTABLE
(ID,USERNAME,PASSWORD,NAMEEN,NAMEAR) VALUES ...
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
hi i am getting this error though i tried to change the new to i am stil getting this problem can anyone tell me what should i do. I have completely changed the page also database but still same error.
error>
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''calendar_admin' WHERE teacher_id='ipcst123' and password='a141c47927929bc2d1fb6'
at line 1
my code >
<?php
$username=$_POST['teacherId'];
$password=$_POST['password'];
$password=md5($password);
try {
$bdd = new PDO('mysql:host=localhost;dbname=XXX', 'XXX', 'XXX');
} catch(Exception $e) {
exit('Unable to connect to database.');
}
$query ="SELECT * FROM 'calendar_admin' WHERE teacher_id="."'".$username."' and password="."'".$password."' ";
$resultat = $bdd->query($query) or die(print_r($bdd->errorInfo()));
$res = $resultat->fetchAll(PDO::FETCH_ASSOC);
foreach($res as $result){
$pass=md5($password);
$user=$result["teacher_id"];
if ($pass==$result["password"]&& $username == $user ){
echo "login Success";
session_start();
$_SESSION['teacher_id'] = $username;
header('Location:/addEvents.php');
}else{
header('Location:/login.php');
//echo "Incorrect Password";
}
}
You should use backticks instead of single quotes :
$query ="SELECT * FROM `calendar_admin` WHERE teacher_id='".$username."' and `password`='".$password."' ";
or just remove them
$query ="SELECT * FROM calendar_admin WHERE teacher_id='".$username."' and `password`='".$password."' ";
And since you use PDO, you should bind parameters, but not concatenate them into the query:
$query ="SELECT * FROM calendar_admin WHERE teacher_id= :teacher and `password`= :password ";
$sth = $bdd->prepare($query);
$sth->bindParam(':teacher',$username);
$sth->bindParam(':password',$password);
$sth->execute();
$res = $sth->fetchAll(PDO::FETCH_ASSOC);
Around column and table names has to be backticks, not single quotes. O rnothing if the names aren't from reserved words (or spaces, or hyphens, or anything else that MySQL will scream about, #Fred -ii- in comments below):
`calendar_admin`
The full query:
$query ="SELECT *
FROM `calendar_admin`
WHERE teacher_id = '" . $username . "' AND
password = '" . $password . "'";
Don't forget to escape data from user inputs.
$query = "
SELECT *
FROM calendar_admin
WHERE teacher_id = '$username'
AND password = '$password';
";
Next, take a look at prepared statements
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I am very new to PDO and I am trying to decode all the rows in my table "test" which contains special entities for instance "('L& eacute;on: The Professional')" instead of "Léon:The Professional".
So, here is what I tried:
<?php
require_once('connection.php');
$stmt = $conn->prepare("SELECT * from test");
$stmt->execute();
while ($results = $stmt->fetch()){
$b = html_entity_decode($stmt);
echo $b;
}
but I have no output printed..
Could someone kindly help me fix it?
prepare() returns a statement object ($stmt in your case)
fetch() returns associative array where the index would be the column name
$sql = "SELECT column1, column2, column3 from test";
$stmt = $conn->prepare($sql);
$stmt->execute();
$result = array()
while ($row = $stmt->fetch()){
$resutlt[] = array('column1' => html_entity_decode($row['column1']),
'column2' => html_entity_decode($row['column2']),
'column3' => html_entity_decode($row['column3'])
);
}
var_dump($result);
return $result;
EDIT: to replace the values
//prepare select
$sql = "SELECT id, column1, column2, column3 from test";
$stmt = $conn->prepare($sql);
$stmt->execute();
//prepare update
$update_sql = "UPDATE test SET column1=?,column2=?,column3=? WHERE id = ?;";
$update_stmt = $conn->prepare($update_sql);
while ($row = $stmt->fetch()){
//update
$update_stmt->execute(array(html_entity_decode($row['column1']),
html_entity_decode($row['column2']),
html_entity_decode($row['column3']),
$row['id']
);
}
You did not define $query, thus it has no execute() function. If you wish to execute your prepared statement, you should call $stmt->execute().
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
$username = stripslashes($username);
// check if usernames exists
$sql = "SELECT Login_Name FROM memberdirectory WHERE Login_Name = $username";
if ($result = mysqli_query($pdo,$sql)) {
$row = mysqli_num_rows($result);
// if yes, fetch the encrypted password
You are missing quotes around the string value:
$sql = "SELECT Login_Name FROM memberdirectory WHERE Login_Name = '$username'";
If you are using mysqli, why limit yourself to manually sanitizing your inputs? MysqlI has prepared statements to handle and format your query correctly.
$Conn = new mysqli("host","user","pass","database");
$Query = $Conn->prepare("SELECT Login_Name FROM memberdirectory WHERE Login_name=?");
$Query->bind_param('s',$username);
$Query->execute();
$Query->fetch();
$Row_Number = $Query->num_rows;
$Query->close(); // close the connection. Always a benefit and can save you complications later down the line
Then validate:
if ($Row_Number > 0){
} // Example only.
$username = stripslashes($username);
$sql = "SELECT Login_Name FROM memberdirectory WHERE Login_Name =".$username;
if ($result = mysqli_query($pdo,$sql)) {
$row = mysqli_num_rows($result);
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I can't understand how to create a prepared statement, and all tutorials I have seen was fetching only column.
My normal sql query
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM files WHERE id=$id ") or die(mysql_error());
$row = mysql_fetch_array($result);
$name = $row['name'];
$date = $row['date'];
Please show me how to create a prepared statement and how to fetch more than one column and insert the date into variables.
First of all it's not a good idea to use SELECT * in production. Instead specify needed columns explicitly. Take a look at https://stackoverflow.com/a/65532/1920232.
Now your code might look like
$id = $_GET['id'];
$db = new mysqli('localhost', 'user', 'password', 'dbname');
$sql = 'SELECT name, date FROM files WHERE id = ?'; //specify columns explicitly
if ($stmt = $db->prepare($sql)) { //create a prepared statement
$stmt->bind_param('i', $id); //bind parameters
$stmt->execute(); //execute query
$stmt->bind_result($name, $date); //bind result variables
$stmt->fetch(); //fetch values
}
$db->close();
echo $id, ' ', $name, ' ', $date;
Note: All error handling intentionally skipped for brevity.