Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
I have been programming a telephone directory and i am now facing a problem.
When I enter ime and prezime (which are name and surname in english), I can not get broj (which is telephone number in english) of that person.
<?php
mysql_connect ("localhost", "root", "");
mysql_select_db ("imenik");
mysql_set_charset('utf8');
if (isset ($_POST['ime']) && isset ($_POST['prezime'])){
if (!empty ($_POST['ime']) && !empty ($_POST['prezime'])){
$trazeno_ime = $_POST('ime');
$trazeno_prezime = $_POST('prezime');
$query = "SELECT broj_telefona, adresa FROM korisnici WHERE ime='$trazeno_ime' AND prezime='$trazeno_prezime'";
if ($query_run = mysql_query($query)){
if(mysql_num_rows($query_run)==NULL){
echo "Nema korisnika u bazi";
}
else {
$query_row = mysql_fetch_assoc($query_run);
$brojtel = $query_row["broj_telefona"];
$adresa = $query_row["adresa"];
echo "Broj: ".$brojtel."<br>";
echo "Adresa: ".$adresa;
}
}
else {
echo "Unesi podatke";
}
}
}
?>
Change these lines:
$trazeno_ime = $_POST('ime');
$trazeno_prezime = $_POST('prezime');
To:
$trazeno_ime = $_POST['ime'];
$trazeno_prezime = $_POST['prezime'];
and you should take a look at PDO or Prepared Statements, since msyql_ functions are depricated.
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 5 years ago.
Improve this question
I need get Data form mySql and echo it . but show to me error ! please help me . I am amator . please check my code. (get Data form mySql and echo it - PHP)
my error in $result1=mysqli_query($link,$query1);
my PHP file :
<?php
$post_data=#$_POST['myjson'];
$post_data=json_decode($post_data,true);
$command=$post_data['command'];
$server="localhost";
$user="user";
$pass="pass";
$db="db";
$link=mysqli_connect($server,$user,$pass,$db);
mysqli_set_charset($link,"utf8");
if ($command=="get_contact") {
$id=$post_data['id'];
$query="select * from ad where id=$id";
$result=mysqli_query($link,$query);
$row=mysqli_fetch_assoc($result);
$num=mysqli_num_rows($result);
if ($num == 1) {
$query1="select * from user where id=$row['user_id']";
$result1=mysqli_query($link,$query1);
$row1=mysqli_fetch_assoc($result1);
$num1=mysqli_num_rows($result1);
if ($num1 == 1) {
$specifications=array("mobile"=>$row1["mobile"], "email"=>$row1["email"]);
echo "<b>".json_encode($specifications)."</b>";
} else {
echo "<b>Not Found</b>";
}
} else {
echo "<b>Not Found</b>";
}
exit();
}
?>
If you expect just one result of each query, you can get the same results with just one query instead of the two you have:
$query = "select user.* from user, ad where ad.id=$id and user.id = ad.user_id";
Also, you should use prepared statements to avoid sql injection instead of writing vars inside the sql queries.
Besides that, give more info in the error messages because now you don't know which error is returning.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
So basically I got this code right here:
<?php
include_once 'dbconfig2.php';
$con = new DB_con();
$table = "users";
if(isset($_GET['profile_id']))
{
$sql=mysql_query("SELECT * FROM users WHERE user_id=".$_GET['profile_id']);
$result=mysql_fetch_array($sql);
}
?>
I am clueless as to how I would make it so if the user_id is not existent in the records, they cannot view their profile but it leads them to another messsage or piece of code.
If the user_id doesn't exist, there won't be any rows in the result. When you try to read a row with mysql_fetch_array(), it returns FALSE. So you can simply test $result:
if (!$result) {
die("Invalid profile ID");
}
Try to use prepared statements using mysqli, in order to avoid sql injection.
By way of example:
$mysqli = new mysqli("localhost", "root", "root", "test");
if ($mysqli->connect_errno) {
echo "connect_error". $mysqli->connect_error;
}
$id = $_GET['profile_id'];
$result = $mysqli->prepare('SELECT name FROM users WHERE user_id = ?');
$result->bind_param("i", $id);
$result->execute();
$result->bind_result($col1);
$result->fetch();
$is_valid_profile = (!$col1) ? 'Invalid profile' : 'Valid profile';
echo $is_valid_profile;
$result->close();
http://php.net/manual/en/mysqli.prepare.php
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
I have been reading many different pieces of code an I am confused as to why the $echo row[0] at the bottom of my code here does not return anything.
$dbhost = 'localhost';
$uname = $_POST["uname"];
//***create connection object
$connection = mysql_connect($dbhost, "bc572fsdf", "abcdfsds") or die(mysql_error());
$dbname = "bc57db";
mysql_select_db($dbname) or die(mysql_error());
//***select a random security question
//*** need this to import session variables
session_start();
echo ($_SESSION["ValidUser"] . "\n");
$rq = array('q1', 'q2', 'q3');
$rand_key = array_rand($rq, 1);
echo $rq[$rand_key];
$question = $rq[$rand_key];
$qtoanswer = mysql_query("select '$question' from users where uname = '$uname'");
if (!$qtoanswer) {
echo "Could not run query:" . mysql_error();
exit;
}
echo $qtoanswer;
$row = mysql_fetch_row($qtoanswer);
echo $row[0];
?>
The fault is in this line:
$qtoanswer = mysql_query("select '$question' from users where uname = '$uname'");
You should be using grave marks for the column name, such as:
$qtoanswer = mysql_query("select `$question` from users where uname = '$uname'");
^ ^
Also, you should be using MySQLi/PDO, so you can prepare this, or at the very least, escape $uname.
Because you cannot echo a array....try var_dump or print_r, or use a loop:
foreach($row[] as $result) {
echo $row[], '<br>';
}
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I know I am doing something wrong but I really would like to know what it is. I can echo the
username of the session loggedin user using <?php echo $_SESSION['username']; ?>but I don't know why it doesn't work when I try to query database using the same technique. my codes below
I include this in the page
<?php
session_start();
$username=$_SESSION['username'];
?>
and here is the code that was suppose to display firstname and user_id of the sessions logged in user
<?php
$conn = new mysqli('localhost', 'root', 'browser', 'test');
if (mysqli_connect_errno()) {
exit('Connect failed: '. mysqli_connect_error());
}
$username = '$username';
$sql = "SELECT `user_id`, `firstname` FROM `members` WHERE `username`='$username'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo '<br /> user_id: '. $row['user_id']. ' - firstname: '. $row['firstname'];
}
}
else {
echo '0 results';
}
$conn->close();
?>
$username = '$username';
PHP variables inside single-quotes are not expanded. So now your variable is the literal string '$username', which undoubtedly won't match any user in your database.
You probably need to set $username = $_SESSION['username']; in your second PHP script.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Improve this question
I'm working on a simple comment section for a website I'm working on, but there seems to be something awry with my code. Here's the form:
<?php
if($_SESSION['authenticated']) { //// if not logged show registration form
echo "<form name='comment' action='addcomment.php' method='get'>";
echo "<textarea name='CommentText'></textarea>";
echo "<input type='submit' value='Submit' />";
echo "</form><br><br>";}
else {
echo "Please log in to post.";
}
$res=mysqli_query($db, "SELECT * FROM comments");
$row = mysqli_fetch_array($res);
while ($row) {
echo '<p>from</p>';
$row = mysqli_fetch_array($res);
}
?>
And here's the PHP/SQL to add the form data to my database table (the table's named comments)
<?php $dbHost = 'cust-mysql-123-17';
$dbUser = 'user';
$dbPass = 'mypass';
$dbName = 'ollie';
$db = mysqli_connect( $dbHost, $dbUser, $dbPass, $dbName ) or die("Cannot connect");
$CommentText = $_GET['CommentText'];
$email = $_SESSION['authenticated'];
$res=mysqli_query($db, "INSERT INTO 'comments' (email, CommentText) VALUES('$email','$CommentText')");
if ($res){echo"<script lang='javascript' type='text/javascript'>
alert('Post successful');
window.location = 'forum.php';
</script>";}
else{
echo "alert('Post Failed');";
}
?>
Whenever I try to run it it shows the "post failed" alert I set up in the last if statement. Help?
remove quotes from the tablename - if you want to enclose it, use backticks ` (key below escape)
$res = mysqli_query($db, "INSERT INTO comments (email, CommentText) VALUES('$email','$CommentText')");
about security, i recommend you to learn about mysqli::real_espace_string on php.net