Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
<?php if($_POST) {
$username = htmlspecialchars($_POST['username']);
$password = htmlspecialchars($_POST['password']);
$mysqli = new mysqli('localhost','root','','movie_posters');
$query = $mysqli->query("SELECT password FROM users WHERE username = '"$username"'");
} ?>
When I try this code on WAMP, I get error like; this http://i.stack.imgur.com/qcifR.jpg
What can I do ?
Do not use single and double quotes in your query.
This is the right way:
$query = $mysqli->query("SELECT password FROM users WHERE username = '$username'");
Otherwise, you will not print $username's value.
You have to put periods before and after you variable.
In your example:
$query = $mysqli->query("SELECT password FROM users WHERE username = '".$username."'");
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I'm trying to search a specific string from a whole MySQL database not from only a single table of the database and get the data as a JSON object in my android app.
here is my php file
<?php
error_reporting(E_ALL ^ E_DEPRECATED);
$con = require("connection.php");
if (isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
}
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ? AND password = ?");
mysqli_stmt_bind_param($statement,"ss",$username,$password);
mysqli_stmt_execute($statement);
mysqli_store_result($statement);
mysqli_stmt_bind_result($statement,$id,$name,$phone,$email,$username, $password);
$user = array();
while(mysqli_stmt_fetch($statement)){
$user[name]= $name;
$user[phone]= $phone;
$user[email]= $email;
$user[username]= $username;
$user[password]= $password;
}
echo json_encode($user);
mysqli_stmt_close($statement);
mysqli_close($con);
?
But I don't want to search only in user table instead of i want to search in whole database. please help.
There are no direct way to SELECT from the whole database. Instead you can get all tables from the information_schema like this.
Then you can loop over all tables and search in all columns with the comlumn types like eg. varchar, text or others depending on your needs.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
So, I got this script: http://pastebin.com/HHnUWnyB
The thing is that it isn't working, and I got no idea why, I've looked at it, over and over, and to me it should work, but doesn't. So now I'm turning to the experts!
Instead of updating in the mysql db it just returns an empty page...
Thanks in advance!
Update: found the exact but that isn't working:http://pastebin.com/pQrdQUPq
$username = 'test'; // note, isn't this in original script, it's called from a database, but whatever
if(isset($_POST['generate'])) {
$newkey = 'something';
$query = sprintf('UPDATE `users` SET `key`=%s WHERE `username`="%s"',
mysqli_real_escape_string($db, $newkey),
mysqli_real_escape_string($db, $username));
mysqli_query($db, $query);
};
seems like either POST['disable'] or POST['generate'] are not set. Check that those variables are being posted. Theres also a bunch of BAD SYNTAX: There are many extra ending brackets, and unnecessary semicolons.
Also try changing this:
$query = sprintf('UPDATE `users` SET `key`=%s WHERE `username`="%s"',
to this:
$query = sprintf("UPDATE `users` SET `key`='%s' WHERE `username`='%s'",
So you should have this:
$username = 'test'; // note, isn't this in original script, it's called from a database, but whatever
if (isset($_POST['generate'])) {
$newkey = 'something';
$query = sprintf("UPDATE `users` SET `key`='%s' WHERE `username`='%s'", mysqli_real_escape_string($db, $newkey), mysqli_real_escape_string($db, $username));
mysqli_query($db, $query);
}
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Improve this question
I have a problem with my code. I want to make a Seesion which display the current login user
Thank you !
$link = mysql_connect($DB_server, $DB_user, $DB_password,$DB_name);
mysql_select_db('linux', $link) or die(mysql_error());
$uid = 0;
if(isset($_GET["id"]))
{
$uid = $_GET["id"];
}
$profilname = mysql_query("SELECT U_Benutzername ,U_ID FROM u_user WHERE U_ID = '$uid'");
$emailadresse =mysql_query("SELECT U_login ,U_ID FROM u_user WHERE U_ID = '$uid'");
$_SESSION['profilname'] = $profilname;
$_SESSION['email'] =$emailadresse;
echo "Benutzername: $profilname";
echo "<br/>";
echo "Email: $profilname";
You have a typo...
$lid = $_GET["id"];
should probably be
$uid = $_GET["id"];
change your mysql query to:
if($uid!=0) {
$ref = mysql_query("SELECT * FROM u_user WHERE U_ID = '$uid'");
$row = mysql_fetch_array($ref);
$profilname = $row["U_Benutzername"];
$emailadresse= $row["U_login"];
$_SESSION['profilname'] = $profilname;
$_SESSION['email'] =$emailadresse;
}
to display it:
echo $_SESSION['profilname'];
BUT:
You wont get far with this, this is mysql_-code and its deprecated.
You have to use mysqli in newer PHP-Versions.
http://php.net/manual/de/book.mysqli.php
Change $lid = $_GET["id"]; to $uid = $_GET["id"];, and it also is a good idea to sanitize the data from $_GET,
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
I have a table called "users" with 1 row.
I have been trying to get the number of rows that exist when the username and password have been entered. This wasn't returning anything, so I have created this code in the most simple form, but still it is not returning anything.
If I run the query on phpmyadmin, it returns the row.
Why could this not be working?
include("../includes/db.php");
$result = $link->query("SELECT * FROM users");
die(mysqli_num_rows($result));
The connection to the database is fine, all the other code works fine on my CMS.
edit:
This is my now working code:
include("../includes/db.php");
if(!isset($_SESSION['loggedin'])){
if(isset($_POST['username'])){
$username = $_POST['username'];
$password = md5($_POST['password']);
$sql = "SELECT * from users WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
$result = $link->query($sql);
if (!$result->num_rows == 1) {
echo "<p>Invalid username/password combination</p>";
LoginForm();
} else {
echo "<p>Logged in successfully</p>";
$_SESSION['loggedin'] = 1;
}
}else{
LoginForm();
}
}
include("../includes/db.php");
$result = $link->query("SELECT * FROM users");
echo $result->num_rows;
My bad for the previous answer. It's been a while since I've used PHP
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
<?php
//GET FACEBOOK LIKE DATA TO FACEBOOK SERVERS
function readFacebookLikes($url) {
$query = "select like_count from link_stat WHERE url ='" . $url ."'";
$s = file_get_contents("https://api.facebook.com/method/fql.query?query=".
urlencode($query)."&format=json");
preg_match("#(\"like_count\"):([0-9]*)#",$s,$ar);
if(isset($ar[2])) return $ar[2]; else return null;
}
mysql_connect('localhost','root','') or die(mysql_error());
mysql_select_db('odrinhasedm') or die(mysql_error());
$query=mysql_query("select nome, url from participacao") or die(mysql_error());
while($res=mysql_fetch_array($query))
{
$likes = "http://[ip]/evento-odrinhas-edm-open-air/".$res['url'];
$links = $res['url'];
$contador = readFacebookLikes($likes);
//echo'<tr><td>'.$res['nome'].'</td><td>'.$contador.'</td></tr>';
$query1 = "UPDATE participacao set likes = $contador WHERE url = $links ";
mysql_query($query1) or die (mysql_error());
}
?>
Why is this query1 not working? (PHPMyAdmin errror #1064)
I have a project that creates a page per user on a form and each page has its own Facebook like system, now I have a way to get that data and show it on a table, but I want to insert that data into my database to sort it. Is it easier to add the values to my db or sort the table directly in php?
I have a query that is working and its pulling the URLs to the PHP file, then I want to create another query to insert the data into the database with "update".
I think url is a string. So you must have quotes around the values:
UPDATE participacao set likes = $contador WHERE url = '$links'