I have some code to filter my table. It looks like this, and it works fine.
if ($_REQUEST["brgy"]<>'') {
    $search_city = " AND brgy='".mysql_real_escape_string($_REQUEST["brgy"])."'";
}
if ($_REQUEST["prk"]<>'') {
    $search_prk = " AND prk='".mysql_real_escape_string($_REQUEST["prk"])."'";
}
if ($_REQUEST["gender"]<>'' and $_REQUEST["cstatus"]<>'') {
    $sql = "SELECT * FROM data WHERE gender = '".mysql_real_escape_string($_REQUEST["gender"])."' and cstatus = '".mysql_real_escape_string($_REQUEST["cstatus"])."'".$search_city.$search_prk;
}
else if ($_REQUEST["gender"]<>'') {
    $sql = "SELECT * FROM data WHERE gender = '".mysql_real_escape_string($_REQUEST["gender"])."'".$search_city.$search_prk;
}
else if ($_REQUEST["cstatus"]<>'') {
    $sql = "SELECT * FROM data WHERE cstatus = '".mysql_real_escape_string($_REQUEST["cstatus"])."'".$search_city.$search_prk;
}
else {
    $sql = "SELECT * FROM data WHERE id>0 and status='active' ".$search_city.$search_prk;
}
$sql_result = mysql_query ($sql, $connection ) or die ('request "Could not execute SQL query" '.$sql);
if (mysql_num_rows($sql_result)>0) {
    while ($row = mysql_fetch_assoc($sql_result)) {
        $id = $row['id'];
But if I add this code, it doesn't filter my table; it displays nothing:
if ($_REQUEST["religion"]<>'') {
    $search_rel = " AND religion='".mysql_real_escape_string($_REQUEST["religion"])."'";
}
I wonder what's wrong with adding it. I constructed this again so it should be understood better than before.
If you're using a newer version of PHP, it will be mysqli_real_escape_string() instead of mysql_real_escape_string(). You are also using it incorrectly. Read this to learn how to use it correctly.
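An added example (not part of the original question or answer): the optional filters from the question built as one prepared mysqli statement, so that a further filter such as religion needs only one more map entry and no request value is concatenated into the SQL. The names FILTER_COLUMNS, build_filter_query and run_filter are assumptions; the table and column names are the question's.

```php
<?php
// Added example, not the poster's code. Table and column names come from the
// question; the constant and function names are assumptions.

// Request key => column name. Only these fixed names can reach the SQL text.
const FILTER_COLUMNS = [
    'gender'   => 'gender',
    'cstatus'  => 'cstatus',
    'brgy'     => 'brgy',
    'prk'      => 'prk',
    'religion' => 'religion',
];

// Build one SELECT for any combination of filters. Values are never placed in
// the SQL string; each one becomes a "?" placeholder plus an entry in $params.
function build_filter_query(array $request): array
{
    $given = fn($key) => isset($request[$key]) && is_string($request[$key]) && $request[$key] !== '';
    // As in the question, the base conditions apply when neither gender nor cstatus is set.
    $where  = ($given('gender') || $given('cstatus')) ? [] : ['id > 0', "status = 'active'"];
    $params = [];
    foreach (FILTER_COLUMNS as $key => $column) {
        if ($given($key)) {
            $where[]  = "`$column` = ?";
            $params[] = $request[$key];
        }
    }
    return ['SELECT * FROM data WHERE ' . implode(' AND ', $where), $params];
}

// Run the query with mysqli; every filter value is bound as a string ("s").
function run_filter(mysqli $conn, array $request): array
{
    [$sql, $params] = build_filter_query($request);
    $stmt = $conn->prepare($sql);
    if ($params) {
        $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    }
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Constructed request: the empty filter is skipped, the quote in a value stays data.
[$sql, $params] = build_filter_query(['gender' => 'F', 'religion' => "Baha'i", 'prk' => '']);
echo $sql, "\n";
print_r($params);
```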
So I installed this jackpot script with a layout and everything and within the jackpot script there was a set.php file which I tried to set up, it looked like this:
<?php
$sitename = "csgoxd.net";
$link = @mysql_connect("localhost:3306", "csgoxdne", "thisisasecretpassword");
$db_selected = mysql_select_db('csgoxdne_csgoxddb', $link);
mysql_query("SET NAMES utf8");
function fetchinfo($rowname,$tablename,$finder,$findervalue) {
    if($finder == "1") $result = mysql_query("SELECT $rowname FROM $tablename");
    else $result = mysql_query("SELECT $rowname FROM $tablename WHERE `$finder`='$findervalue'") or die (mysql_error());
    $row = mysql_fetch_assoc($result);
    return $row[$rowname];
}
?>
So I'm new when it comes to coding in general (I know some basic stuff but that's it) so basically I'm not sure if I'm supposed to fill out more of this file because I get this error on my website.
"Table 'csgoxdne_csgoxddb.info' doesn't exist"
I'm new to this and I'm trying to learn so help is much appreciated.
You should use MySQLi to make use of the advantages it offers over MySQL. You can see more here.
The script you have isn't all too bad, but it does need some tweaking. It's vulnerable to injection like Marc B said. I'm going to assume that csgoxdne_csgoxddb is your table name.
Try this:
<?php
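$mysqli = new mysqli("localhost:3306", "csgoxdne", "thisisasecretpassword");
if ($mysqli->connect_error) {
    print("Error connecting! Message: " . $mysqli->connect_error);
}
mysqli_set_charset($mysqli, 'utf8');
function fetchinfo($rowname, $tablename, $finder, $findervalue) {
    // The connection is defined in the global scope, so import it into the function.
    global $mysqli;
    // $tablename and $finder are identifiers and cannot be escaped as values:
    // pass only names hard-coded in your own code, never request input.
    if ($finder == "1") {
        $query = "SELECT * FROM $tablename WHERE rowname = '" . $mysqli->real_escape_string($rowname) . "'";
    } else {
        $query = "SELECT * FROM $tablename WHERE `$finder`='" . $mysqli->real_escape_string($findervalue) . "'";
    }
    $result = mysqli_query($mysqli, $query);
    // mysqli_query() returns false on failure; test the result, not the query string.
    if (!$result) {
        die('Invalid query: ' . $mysqli->error);
    }
    return $result;
}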
?>
Oh and make sure the port number on your localhost is correct.
Also to go through the values of result you can use:
if (mysqli_num_rows($result) > 0) {
    while ($row = mysqli_fetch_array($result)) {
        #do things
    }
}
In fact I am working on a small PHP script, but I am facing a problem right now. The problem is that I want to check if my query returns records. This is my mysqli query:
$sql = "select * from specs where btitleid=$id and phoneid=$aydi";
$check = $conn->query($sql);
while ($row = $check->fetch_assoc()) { $tocheck = $row['content']; }
I don't want to check the number of rows of this query to see if it is null. I want to check if all $row['content'] are empty.
How about this:
$sql = "select * from specs where btitleid=$id and phoneid=$aydi";
$check = $conn->query($sql);
$contentAllEmpty = true;
while ($row = $check->fetch_assoc()) {
    if (strlen($row['content']) > 0) {
        $contentAllEmpty = false;
    }
}
if ($contentAllEmpty) {
    //do something
}
Use ==
while ($row = $check->fetch_assoc()) {
    if ($row['content'] == '') {
        // ... code here
    }
}
To get back only records where the content column is not empty -
$sql = "SELECT * FROM `specs` WHERE `btitleid` = $id AND `phoneid` = $aydi AND (`content` IS NOT NULL AND `content` != '') ";
So I'm making a usergroup function that allows me to block off pages to lower user levels. This is my function for grabbing info:
function grab_info($id, $requested_info){
    $id = $_SESSION['user_id'];
    $requested_info = $requested_info;
    $con = new mysqli('localhost', 'root', '', 'login');
    if ($con->connect_errno >0){
        die("Handle your connection error here");
    }
    $sql = "SELECT * FROM `users` WHERE `id` = $id";
    if (!$result = $con->query($sql)) {
        die("There as a query error for some reason handle your query error");
    }
    while($row = $result->fetch_assoc()){
        $info = $row[$requested_info];
        return $info;
    }
}
Right here:
$sql = "SELECT * FROM `users` WHERE `id` = $id";
if (!$result = $con->query($sql)) {
    die("There as a query error for some reason handle your query error");
}
is where something is going wrong. This is my method for grabbing the info:
$id = $_SESSION['user_id'];
$rank = grab_info($id, 'rank');//Gets rank from our id
$meets = can_access($rank, 4, true);//We're saying our user has a rank of 1 to access this page you need a rank of 3 and only 3 hence strict
if ($meets == false){//user cant access page
    header("Location: index.php");
    die();
}
Basically, it just keeps giving me the "There as a query error for some reason handle your query error" and I'm stuck. New to php so sorry if it's messy.
Use prepared statements and cast the variable as an integer.
$stmt = $con->prepare("SELECT * FROM `users` WHERE `id` = ?");
$stmt->bind_param("i",$id);
$id = (int) $_SESSION['user_id'];
$stmt->execute();
$result = $stmt->get_result();
Check to make sure that $id is actually set. If it's null that will cause your query to explode.
$sql = "SELECT * FROM `users` WHERE `id`='{$id}'";
Try this :)
$query=mysql_query("SELECT * FROM user WHERE user_email='$user_email'");
Please try this:
function grab_info($id, $requested_info){
    $id = $_SESSION['user_id'];
    $requested_info = $requested_info;
    $con = new mysqli('localhost', 'root', '', 'login');
    if ($con->connect_errno >0){
        die("Handle your connection error here");
    }
    $sql = "SELECT * FROM users WHERE id =". $id;
    if (!$result = $con->query($sql)) {
        die("There as a query error for some reason handle your query error");
    }
    while($row = $result->fetch_assoc()){
        $info = $row;
        return $info;
    }
}
I am using the JQuery Validation Plugin. I got the remote function working with the default php file.
I modified the php file to use my own version but mysql is returning
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/fastbluf/syatch/module/1.func.php on line 15
My PHP Code is the following. All my syntax looks correct.
<?php
// Last Edited: 4/23/12
$conn = mysql_connect('localhost','hidden','hidden') or die('Iam dying');
$rs = @mysql_select_db( "hidden", $conn) or die( "Err:Db" );
$do = $_REQUEST['do'];
$email= $_REQUEST['email'];
$user= $_REQUEST['user'];
function checkInfo($do,$email,$user){
    switch ($do) {
        case 1:
            $sql = "select * from User_Base where Email_Address = $email";
            $results = mysql_query($sql). mysql_error();
            $nResults = mysql_num_rows($results);
            if ($nResults > 0) {
                $valid="false";
            } else {
                $valid="true";
            }
            break;
        case 2:
            //not yet
            break;
    }
    return $valid;
}
echo checkInfo($do,$email,$user);
?>
The problem is that you're appending to your result, causing it to no longer be a valid result.
$results = mysql_query($sql). mysql_error();
Try changing this to be something like this:
$results = mysql_query($sql) or die(mysql_error());
Your query should also be changed to quote the email address, and the address should be escaped to prevent attacks (SQL Injection):
$email = mysql_real_escape_string($_REQUEST['email']);
$sql = "select * from User_Base where Email_Address = '$email'";
Fix your query to
$sql = "select * from User_Base where Email_Address = '".$email."'";
This is a really simple thing, but it's not working for some reason. Here's my code.
I am making a function (it's part of a class) which checks if a username or email exists:
public function exists ($what, $who)
{
    $sql = "SELECT * FROM users WHERE $what = $who";
    $query = mysql_query($sql);
    if (mysql_num_rows($query) != 0)
    {
        return true;
    }
    else
    {
        return false;
    }
}
The function returns nothing. In fact if I run that query through regular PHP it returns nothing also. I don't understand why.
This following piece of code returns news entries perfectly:
function fetch($id = '')
{
    if (empty($id))
    {
        $query = 'SELECT * FROM news ORDER BY id desc';
    }
    elseif (is_numeric($id))
    {
        $query = "SELECT * FROM news WHERE id = $id";
    }
    else
    {
        $route->to(SITE_URL);
    }
    $result = mysql_query($query);
    if (mysql_num_rows($result) > 0)
    {
        return $result;
    }
}
I am confused.
The problem is that you are missing quotes in your query:
$sql = "SELECT * FROM users WHERE $what = $who";
//SELECT * FROM users WHERE username = Mario is not a valid query
should be:
$sql = "SELECT * FROM users WHERE $what = '$who'";
The other queries are working because you are checking against an id; in this case you are checking against a string (and in this case you need quotes).
Maybe the query execution failed and you have errors turned off on screen in your php.ini.
Try to add an intermediate check on the correct execution of the query:
$query = mysql_query($sql);
if ($query === FALSE) {
    // log error with mysql_errno($conn) and mysql_error($conn);
} else {
    if (mysql_num_rows($query) != 0) {
        return true;
etc. etc.
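An added example, not code from any of the posts above: the exists($what, $who) check with the column name validated against a fixed list and the value bound as a parameter, which applies equally to the $tablename and $finder arguments of fetchinfo() earlier on the page. LOOKUP_COLUMNS and exists_query are hypothetical names; the users table and its username and email columns are taken from the question.

```php
<?php
// Added example, not code from the thread. The allow-list contents and the
// function names are assumptions made for illustration.

// Placeholders can stand only for values, never for table or column names,
// so every identifier is checked against a fixed list before it is used.
const LOOKUP_COLUMNS = [
    'users' => ['username', 'email'],
];

function exists_query(string $table, string $column): string
{
    $map = LOOKUP_COLUMNS;
    if (!isset($map[$table]) || !in_array($column, $map[$table], true)) {
        throw new InvalidArgumentException("lookup on $table.$column is not allowed");
    }
    return "SELECT 1 FROM `$table` WHERE `$column` = ? LIMIT 1";
}

function exists(mysqli $conn, string $what, string $who): bool
{
    $stmt = $conn->prepare(exists_query('users', $what));
    if ($stmt === false) {
        // Reached only when mysqli is not configured to throw exceptions.
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }
    $stmt->bind_param('s', $who);   // the driver sends the value separately from the SQL
    $stmt->execute();
    return $stmt->get_result()->num_rows > 0;
}

// Constructed inputs: one column on the list, one that is not.
foreach (['email', 'password'] as $column) {
    try {
        echo exists_query('users', $column), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```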