I'm trying to get a json file using Slim Framework. The code I'm trying is mentioned below
$app->get('/forum/:id', function ($id) {
$user_name = "abc";
$password = "123";
$database = "test";
$server = "localhost";
$db_handle = mysqli_connect($server, $user_name, $password);
mysqli_set_charset($db_handle, "utf8");
mysqli_select_db($db_handle, $database);
$arr = array();
$SQL = "Select y123_forum.post_id, y123_forum.posttext FROM y123_forum INNER JOIN y123_users ON y123_forum.user_id = y123_users.id WHERE type = 1 AND y123_users.email = 'id'";
$result = mysqli_query($db_handle, $SQL);
while ($row = mysqli_fetch_assoc($result))
{
array_push($arr, $row);
}
mysqli_close($db_handle);
echo json_encode($arr);
});
The output displayed on the browser is []
When I try the above code without passing parameter, i.e
$app->get('/faqs/', function () {
$user_name = "abc";
$password = "123";
$database = "test";
$server = "localhost";
$db_handle = mysqli_connect($server, $user_name, $password);
mysqli_set_charset($db_handle, "utf8");
mysqli_select_db($db_handle, $database);
$arr = array();
$SQL = Select y123_forum.post_id, y123_forum.posttext FROM y123_forum INNER JOIN y123_users ON y123_forum.user_id = y123_users.id WHERE type = 1 AND y123_users.email = 'abc#gmail.com'"
$result = mysqli_query($db_handle, $SQL);
while ($row = mysqli_fetch_assoc($result))
{
array_push($arr, $row);
}
mysqli_close($db_handle);
echo json_encode($arr);
});
then it works fine
How do i fix this, I need to get this working to get the json file by passing any email id's from the database
You're forgetting the $ in the parameter, it thinks you're looking for an email address of 'id', not the contents of $id.
SELECT * FROM y123_forum WHERE email = '$id';
Note that this is a horrible, bad, unsafe way to pass parameters to a SQL query. The correct way would be to parameterize your query and execute this way:
$SQL = 'SELECT * FROM y123_forum WHERE email = ?';
$stmt = mysqli_stmt_init($db_handle);
if (mysqli_stmt_prepare($stmt, $sql)) {
mysqli_stmt_bind_param($stmt, 's', $id);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
while ($row = mysqli_fetch_assoc($result))
{
array_push($arr, $row);
}
}
The 's' in mysql_stmt_bind_param tells the driver your $id variable should be treated as a string, and escapes it appropriately.
Related
I want to set a variable "name",
I tried: if(isset($_POST['name'])), But not result.
I was also looking for other options but could not get results.
I have a PHP code:
<?php
$servername = "localhost";
$username = "..";
$password = "..";
$dbname = "..";
$conn = new mysqli($servername, $username, $password, $dbname);
$response = array();
$posts = array();
$sql = "SELECT name, addres, status, date FROM silknet WHERE name='test'";
$result=mysqli_query($conn,$sql);
while($row=mysqli_fetch_array($result)) {
$name=$row['name'];
$addres=$row['addres'];
$status=$row['status'];
$date=$row['date'];
$response[] = array('name'=> $name, 'addres'=> $addres, 'status'=>$status,
'date'=>$date);
}
echo json_encode($response);
?>
Add to the top:
$name = $_POST['name'];
And edit this line as:
$sql = "SELECT name, addres, status, date FROM silknet WHERE name='$name'";
I'm trying to make a simple query with PHP that returns a list of Strings with all the names of the users, but I can figure out how to do do it. The only thing i thought wa this:
<?php
$host_name = "hostname";
$database = "database";
$user_name = "username";
$password = "pass";
$connect = mysqli_connect($host_name, $user_name, $password, $database);
$select = "SELECT username from userstasker";
$result = $connect->query($select);
$rows = array();
while($r = mysqli_fetch_assoc($result)) {
$rows[] = $r;
}
echo json_encode($rows);
$connect->close();
?>
But this returns a JSon, ant idea how to do it?
<?php
$host_name = "hostname";
$database = "database";
$user_name = "username";
$password = "pass";
$connect = mysqli_connect($host_name, $user_name, $password, $database);
$select = "SELECT username from userstasker";
$result = $connect->query($select);
$usernames = array();
while($r = mysqli_fetch_assoc($result)) {
$usernames[] = $r["username"];
}
$connect->close();
// Do something with $usernames
?>
I have absolutely zero experience protecting my SQL data. I am trying to prevent injection attacks on my web service by using prepared statements. I've followed several tutorials, but each one I've implemented has killed my PHP script. How could I protect this query?
$value = (integer)$_GET["name"];
$sql = "SELECT `coordinates`, `center` , `content_string` FROM Regions WHERE `id` = {$value}";
$result = $conn->query($sql);
$rows = array();
if ($result->num_rows > 0) {
// output data of each row
while($r = mysqli_fetch_assoc($result)) {
$rows[] = $r;
}
}
Here is my attempt:
$value = (integer)$_GET["name"];
$sql = $dbConnection->prepare('SELECT `coordinates`, `center` , `content_string` FROM Regions WHERE `id` = ?');
$sql->bind_param('i', $value);
$sql->execute();
$result = $sql->get_result();
$rows = array();
if ($result->num_rows > 0) {
// output data of each row
while($r = mysqli_fetch_assoc($result)) {
$rows[] = $r;
}
}
I'm not really sure why this code doesn't work.
You will have to bind the result and below is the code - it is going to work please try it. please check if there any syntax issues in my code. otherwise it will work.
$value = (integer)$_GET["name"];
$sql = $dbConnection->prepare('SELECT 'coordinates', 'center' , 'content_string' FROM Regions WHERE `id` = ?');
$sql->bind_param('i', $value);
$sql->execute();
$sql->bind_result($coordinates, $center, $content_string)
while($sql->fetch())
{
echo $coordinates;
echo $center;
echo $content_string;
}
Prepared statement with MySQLi
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// prepare and bind
$stmt = $conn->prepare("INSERT INTO users (username, email) VALUES (?, ?)");
$stmt->bind_param("ss", $username, $email);
// set parameters and execute
$username= "John";
$email = "john#example.com";
$stmt->execute();
$username= "Mary";
$email = "mary#example.com";
$stmt->execute();
echo "New records created successfully";
$stmt->close();
$conn->close();
Php tips and tricks.
http://www.phptherightway.com/
If you are concerned about security this is the topic that I love very much.
What are the best PHP input sanitizing functions?.
I'm a newbie to php. I'm working on fetching the result from the DB and to send those details in the format of Json to the ajax call. Whereas I'm not able to convert using json_encode.
I'd like to get the result in the format of
[{"id":1,"name":"Rafael","password":"rafael"},{"id":1,"name":"nadal","password":"nadal"}]
My php code is
// credentials of MySql database.
$username = "root";
$password = "admin";
$hostname = "localhost";
$jsonArray = array();
//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
$selected = mysql_select_db("Angular",$dbhandle)
or die("Could not select Angular");
//execute the SQL query and return records
$result = mysql_query("SELECT name,password FROM User");
//fetch tha data from the database
while ($row = mysql_fetch_array($result)) {
$id = $row{'id'};
$name = $row{'name'};
$password = $row{'password'};
$jsonData = json_encode($name,$password);
}
echo "Json:".$jsonData;
Change the code after mysql_query to:
while($row = mysql_fetch_assoc($result))
{
$jsonArray[] = $row;
}
echo json_encode($jsonArray);
Note that you do not select the ID in the query. it should be
$result = mysql_query("SELECT id, name, password FROM User");
The parameters within a json_encode must be an array.
You should use
$jsonData = json_encode( $array ); //$array is your array element
Use Something like this
$queryString = "SELECT * FROM user";
$query = mysql_query($queryString) or die(mysql_error());
$db = array();
while($dbs = mysql_fetch_assoc($query)) {
$db[] = $dbs;
}
echo
$output = json_encode(array(
"success" => mysql_errno() == 0,
"information" => $db
));
myoutput will be look like this;
it will display all the fields in your databasetable
{"success":true,"information":[{"id":"1","username":"sampleName","LastName":"SampleLastName"}]
}
Hope it works :D
<?php
$username = "username";
$password = "password";
$hostname = "localhost";
$database = "database";
//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
$selected = mysql_select_db($database,$dbhandle)
or die("Could not select database");
$id = 0;
if(isset($_GET['Day'])){ $id = (int)$_GET['Day']; }
if(!$id){
$query = "SELECT * FROM `TimeTable`";
} else {
$query = "SELECT * FROM `TimeTable` WHERE `Day`='".$id."'";
}
$result = mysql_query($query);
$rows = array();
while($r = mysql_fetch_assoc($result)) {
$rows[] = $r;
}
or die(mysql_error());
print json_encode($rows);
?>
This code worked previously, but has now stopped, and is producing Parse error: syntax error, unexpected T_LOGICAL_OR in /Directory/TimeTable.php on line 27
I am also looking to add more parameters, (eg: Where Day = $id and Year = $Year )
while($r = mysql_fetch_assoc($result)) {
$rows[] = $r;
}
or die(mysql_error());
This is a syntax error, doesn't know what to do with that or die() statement. Change to this:
$result = mysql_query($query);
if (!$result) {
die('Error');
}
while(...) {
}
I have looked up the new mysql functions an have changed to mysqli.
<?php
$username = "username";
$password = "password";
$hostname = "localhost";
$database = "database";
$link = mysqli_connect($hostname, $username, $password, $database);
if(mysqli_connect_errno()){
echo mysqli_connect_error();
}
$id= 0;
if(isset($_GET['Day'])){ $id=(int)$_GET['Day']; }
$year = 0;
if(isset($_GET['Year'])){ $year=(int)$_GET['Year'];}
if(!$id){
$query = "SELECT * FROM TimeTable";
} else {
if (!year) {
$query = "Select * FROM TimeTable";
} else {
$query = "SELECT * FROM TimeTable WHERE Day=$id AND Year=$year";
}
}
$rows = array();
//Perform JSON encode
if($result = mysqli_query($link, $query)){
while($r = mysqli_fetch_assoc($result)){
$rows[] = $r;
}
}
print json_encode($rows);
?>