Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
I have been reading many different pieces of code an I am confused as to why the $echo row[0] at the bottom of my code here does not return anything.
$dbhost = 'localhost';
$uname = $_POST["uname"];
//***create connection object
$connection = mysql_connect($dbhost, "bc572fsdf", "abcdfsds") or die(mysql_error());
$dbname = "bc57db";
mysql_select_db($dbname) or die(mysql_error());
//***select a random security question
//*** need this to import session variables
session_start();
echo ($_SESSION["ValidUser"] . "\n");
$rq = array('q1', 'q2', 'q3');
$rand_key = array_rand($rq, 1);
echo $rq[$rand_key];
$question = $rq[$rand_key];
$qtoanswer = mysql_query("select '$question' from users where uname = '$uname'");
if (!$qtoanswer) {
echo "Could not run query:" . mysql_error();
exit;
}
echo $qtoanswer;
$row = mysql_fetch_row($qtoanswer);
echo $row[0];
?>
The fault is in this line:
$qtoanswer = mysql_query("select '$question' from users where uname = '$uname'");
You should be using grave marks for the column name, such as:
$qtoanswer = mysql_query("select `$question` from users where uname = '$uname'");
^ ^
Also, you should be using MySQLi/PDO, so you can prepare this, or at the very least, escape $uname.
Because you cannot echo a array....try var_dump or print_r, or use a loop:
foreach($row[] as $result) {
echo $row[], '<br>';
}
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 5 years ago.
Improve this question
I'm learning PDO. Why is the below not working? Where is my mistake / error?
I just want the query to retrieve the highest number from seconds column
..................................................
if ($_SERVER['HTTP_X_FORWARD_FOR']) {
$ipaddress = $_SERVER['HTTP_X_FORWARD_FOR'];
} else {
$ipaddress = $_SERVER['REMOTE_ADDR'];
}
$user = "open";
$password = "r23sSF32";
$database_name = "open2";
$hostname = "localhost";
$dsn = 'mysql:dbname=' . $database_name . ';host=' . $hostname;
$conn = new PDO($dsn, $user, $password);
$sql = "SELECT MAX( seconds ) AS seconds FROM `opentill` WHERE ipaddress='$ipaddress'";
$conn->query($sql) as $row
$largests = $row['seconds'];
Try using prepared statements instead. Here's an example (untested):
$stmt = $conn->prepare("SELECT MAX( seconds ) AS seconds FROM `opentill` WHERE ipaddress = :ipaddress");
$stmt->bindParam(":ipaddress", $ipaddress); // Note: bindParam binds to the REFERENCE of the variable passed, only evaluated when execute() is called
$stmt->execute();
$result = $stmt->fetchColumn();
$result now contains that column value.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
So basically I got this code right here:
<?php
include_once 'dbconfig2.php';
$con = new DB_con();
$table = "users";
if(isset($_GET['profile_id']))
{
$sql=mysql_query("SELECT * FROM users WHERE user_id=".$_GET['profile_id']);
$result=mysql_fetch_array($sql);
}
?>
I am clueless as to how I would make it so if the user_id is not existent in the records, they cannot view their profile but it leads them to another messsage or piece of code.
If the user_id doesn't exist, there won't be any rows in the result. When you try to read a row with mysql_fetch_array(), it returns FALSE. So you can simply test $result:
if (!$result) {
die("Invalid profile ID");
}
Try to use prepared statements using mysqli, in order to avoid sql injection.
By way of example:
$mysqli = new mysqli("localhost", "root", "root", "test");
if ($mysqli->connect_errno) {
echo "connect_error". $mysqli->connect_error;
}
$id = $_GET['profile_id'];
$result = $mysqli->prepare('SELECT name FROM users WHERE user_id = ?');
$result->bind_param("i", $id);
$result->execute();
$result->bind_result($col1);
$result->fetch();
$is_valid_profile = (!$col1) ? 'Invalid profile' : 'Valid profile';
echo $is_valid_profile;
$result->close();
http://php.net/manual/en/mysqli.prepare.php
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
I have been programming a telephone directory and i am now facing a problem.
When I enter ime and prezime (which are name and surname in english), I can not get broj (which is telephone number in english) of that person.
<?php
mysql_connect ("localhost", "root", "");
mysql_select_db ("imenik");
mysql_set_charset('utf8');
if (isset ($_POST['ime']) && isset ($_POST['prezime'])){
if (!empty ($_POST['ime']) && !empty ($_POST['prezime'])){
$trazeno_ime = $_POST('ime');
$trazeno_prezime = $_POST('prezime');
$query = "SELECT broj_telefona, adresa FROM korisnici WHERE ime='$trazeno_ime' AND prezime='$trazeno_prezime'";
if ($query_run = mysql_query($query)){
if(mysql_num_rows($query_run)==NULL){
echo "Nema korisnika u bazi";
}
else {
$query_row = mysql_fetch_assoc($query_run);
$brojtel = $query_row["broj_telefona"];
$adresa = $query_row["adresa"];
echo "Broj: ".$brojtel."<br>";
echo "Adresa: ".$adresa;
}
}
else {
echo "Unesi podatke";
}
}
}
?>
Change these lines:
$trazeno_ime = $_POST('ime');
$trazeno_prezime = $_POST('prezime');
To:
$trazeno_ime = $_POST['ime'];
$trazeno_prezime = $_POST['prezime'];
and you should take a look at PDO or Prepared Statements, since msyql_ functions are depricated.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I know I am doing something wrong but I really would like to know what it is. I can echo the
username of the session loggedin user using <?php echo $_SESSION['username']; ?>but I don't know why it doesn't work when I try to query database using the same technique. my codes below
I include this in the page
<?php
session_start();
$username=$_SESSION['username'];
?>
and here is the code that was suppose to display firstname and user_id of the sessions logged in user
<?php
$conn = new mysqli('localhost', 'root', 'browser', 'test');
if (mysqli_connect_errno()) {
exit('Connect failed: '. mysqli_connect_error());
}
$username = '$username';
$sql = "SELECT `user_id`, `firstname` FROM `members` WHERE `username`='$username'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo '<br /> user_id: '. $row['user_id']. ' - firstname: '. $row['firstname'];
}
}
else {
echo '0 results';
}
$conn->close();
?>
$username = '$username';
PHP variables inside single-quotes are not expanded. So now your variable is the literal string '$username', which undoubtedly won't match any user in your database.
You probably need to set $username = $_SESSION['username']; in your second PHP script.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
<?php
$filename = "your htpasswd file path goes here"; // your htpasswd file name - complete unix path - or relative to this script
$host=“host”;
$dbuser=“usert”;
$dbpswd=“pass";
$mysqldb="db_name";
$table="passwd_table";
mysql_connect("$host", "$dbuser", "$dbpswd");
mysql_select_db ("$mysqldb");
$query = mysql_query("SELECT name FROM $table");
while ($row = mysql_fetch_array($query)) {
$user = $row['name'];
$pass = $row['name'];
$encrypted = crypt($pass);
$record .= "$user:$encrypted\r\n";
}
file_put_contents($filename,$record);
?>
I am using this php to write a file for htpassword , some of my username/password has uppercase letters , i want to convert it to lowercase then encrypt password and write user/pass to file
try this
$lowercase=strtolower('Your input')
solution
mysql_connect("$host", "$dbuser", "$dbpswd");
mysql_select_db ("$mysqldb");
$query = mysql_query("SELECT name,pass FROM $table");
while ($row = mysql_fetch_array($query)) {
$user = strtolower($row['name']);
$pass = strtolower($row['pass']);
$encrypted = crypt($pass);
$record .= "$user:$encrypted\r\n";
}
Use strtolower function
Returns string with all alphabetic characters converted to lowercase.
<?php
echo strtolower("Hello WORLD.");
?>
OUTPUT : hello world.
Try this
I would add that better if to use multibyte functions if you are not 100% sure there will be only standard characters.
For example:
mb_internal_encoding("UTF-8");
...
$user = mb_strtolower($row['name']);
$pass = mb_strtolower($row['pass']);