This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I'm developing a mobile application for android and I'm trying to compare a variable on the phone to a variable already in the database, so that I can insert it if it's new and update it if it already exists.
$name_check = $_POST['Name'];
$result = mysqli_query($con, "SELECT * FROM Data WHERE Name = $name_check");
if($result && mysqli_num_rows($result) > 0)
{
// Update entry
}
This code doesn't seem to work as this block is skipped over and goes to my else block where a new entry is written, so I end up with loads of entries instead of updating one.
I have another field in the table called "Level", and when I compare against that it seems to work, which just confuses me further.
If anyone has any insight into how to do this or why it's not working for me I'd be very grateful.
Use quotes:
$result = mysqli_query($con, "SELECT * FROM Data WHERE Name = '$name_check'");
$result = mysqli_query($con, "SELECT * FROM Data WHERE Name = '".$name_check."'");
This should work fine
Use this:
$result = mysqli_query($con, "SELECT * FROM Data WHERE Name = '" . $name_check . "'");
Related
This question already has answers here:
How to include a PHP variable inside a MySQL statement
(5 answers)
Closed 2 years ago.
So I'm building a website and i need to access a table which holds the information about products
I'm using to navigate to the page
<a href="productDetails.php?table=FeaturedProducts&id=1" >
then in products details page I'm using this to run the php query
<?php
require "connection.php";
$table = $_GET["table"];
$id = $_GET["id"];
$sql = "select * from '.$table.' where ID = '.$id.'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_array($result);
$pname= $row['Product_name'];
?>
this doesn't seem to work please tell me how i can do this.
You made mistake in your concatenation of string. Take a look to your code here :
$sql = "select * from '.$table.' where ID = '.$id.'";
You try to concatanate the $table and $id variable. (we agree it's a SQL Injection problem).
But PHP will interpret the string result like this : select * from '.FeaturedProducts.' where ID = '.1.'
So you have the ' are not necessary in your code for the table name, and it's add point to your values. Because MySQL does to give you error message.
So your correct code will be (and make modification for use prepare statement to avoid SQL Injection) :
$sql = "select * from $table where ID = '$id'";
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I am working on a membership script, and can't for the life of me figure out whats wrong with my query... anyone have any idea's? Think I need a second set of eyes.. Originally I was just sending
$sqlquery2 = "UPDATE users SET lastvisit = now() WHERE id = '" . $id ."'";
but it was updating the joined_date column as well. So I tried this and broke it further.
CODE EXCERPT :
//These variables are pulled from prior query
$id = $row['id'];
$hashed_password = $row['password'];
$username = $row['username'];
$joined = $row['join_date'];
$salt = $row['salt'];
$email = $row['email'];
//compare password pulled from database
if(password_verify($password,$hashed_password)){
$sqlquery2 = "UPDATE users SET lastvisit = now(), join_date = ".$joined." WHERE id = '" . $id ."'";
//$joined is equal to 2016-10-19 17:24:08
Please check whether your joined_date is a TIMESTAMP column. If so following will help you.
http://dev.mysql.com/doc/refman/5.7/en/timestamp-initialization.html
This question already has answers here:
mysqli_fetch_array returning only one result
(3 answers)
Closed 6 years ago.
I need only the values of one column in an array. Without php I would use "SELECT valueX FROM tableY".
This does not work with php. I only get one result.
This is what I have:
$salty = "SELECT salt FROM login";
$salts = mysqli_query($connection, $salty);
$validsalts = mysqli_fetch_array($salts);
You have to make a loop iteration for fetching the all value.
for example.
$salty = "SELECT salt FROM login";
$salts = mysqli_query($connection, $salty);
while($validsalts = mysqli_fetch_array($salts))
{
echo $validsalts['salt'];
}
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I have an issue. I am trying to find out if a user's email already exists in the database here is my query:
$stmt1 = "select EmailAddress from customers where EmailAddress = ' .$emailaddress. '";
$result = $db->query($stmt1);
if($result->num_rows === 0){
$Err = "";
} else {
$Err = 'This user is already registered login instead.';
}
What am I doing wrong? I can't seem to get num_rows to return something I can work with. Shouldn't this query return 0 if no records are found or number of rows if there is a record?
Use :
$stmt1 = "SELECT EmailAddress FROM customers WHERE EmailAddress = '".$emailaddress."'";
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 7 years ago.
I have no idea why this is not returning anything. I'll show the code and talk through the steps I've taken.
if (isset($_GET['observation'])) {
require_once("../func/connect.php");
$query = "SELECT * FROM observations WHERE option = ?";
$stmt = $db->prepare($query);
$stmt->bindValue(1, $_GET['observation']);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
echo $row['question'];
} else {
echo 'nope';
}
$row dumps a false boolean, $row['question'] is null.
I've wrote about a million queries and don't have a clue why this doesn't work.
Database table observations consists of id, question & option and the bindValue is correct to match a string in the database.
However, it returns null.
option is a reserved word in mysql so you need to quote it with backticks:
$query = "SELECT * FROM observations WHERE `option` = ?";