Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I have a problem with quotes. I can't use " or ' for $gname. What can I do for this.
$new_post = array( 'post_content' => ' ..CODES.. $result = mysqli_query($con,"SELECT * FROM wp_games WHERE name = $gname "); ..CODES..
I'm trying to create a post on wordpress.I have a plugin to use php on posts. [insert_php] is this plugin. And I also can't use quote like \" ... \" .Here is more code.
$new_post = array(
'post_content' => '[insert_php]$con=mysqli_connect("localhost","root","","wordpress");
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM wp_games WHERE name = '$gname' ");
while($row = mysqli_fetch_assoc($result)) {
echo $row["name"];
}
mysqli_close($con);
[/insert_php]',
You can create a single quote using chr(39) and append it to the string. You should also escape the contents of $gname
mysqli_query($con,"SELECT * FROM wp_games WHERE name = " . chr(39) . mysqli_real_escape_string($con, $gname) . chr(39));
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 6 years ago.
Improve this question
I am currently using PHP and SQL to throw back some paramters I enter in a form.
I can search numbers perfectly fine and it gives me the correct results but anytime I use a search like "443265dsa44dd" it displays nothing even though it's in the database.
$searchedID = $_POST['uuid'];
$sql = "SELECT name, contact, phone, address FROM test WHERE id = '.$searchedID.'";
if ($result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
echo "Name: " . $row["name"] . "<br>" . "Contact: " . $row["contact"] . "<br>" . "Phone: " . $row["phone"] . "<br>" . "Address: " . $row["address"] . " ";
}
}
The id is a primary key and set to VARCHAR, any ideas what is happening here?
You have an error when trying to include the searchedID into the sql-string.
Either concat like this:
$sql = "SELECT name, contact, phone, address FROM test WHERE id = '" . $searchedID . "'"
// note, the additional quotes
OR
let php parse that var for you (possible only inside double-quotes):
$sql = "SELECT name, contact, phone, address FROM test WHERE id = '$searchedID'"
BUT
You are vulnerable to sql-injection. So use prepared statements!
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I know I am doing something wrong but I really would like to know what it is. I can echo the
username of the session loggedin user using <?php echo $_SESSION['username']; ?>but I don't know why it doesn't work when I try to query database using the same technique. my codes below
I include this in the page
<?php
session_start();
$username=$_SESSION['username'];
?>
and here is the code that was suppose to display firstname and user_id of the sessions logged in user
<?php
$conn = new mysqli('localhost', 'root', 'browser', 'test');
if (mysqli_connect_errno()) {
exit('Connect failed: '. mysqli_connect_error());
}
$username = '$username';
$sql = "SELECT `user_id`, `firstname` FROM `members` WHERE `username`='$username'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo '<br /> user_id: '. $row['user_id']. ' - firstname: '. $row['firstname'];
}
}
else {
echo '0 results';
}
$conn->close();
?>
$username = '$username';
PHP variables inside single-quotes are not expanded. So now your variable is the literal string '$username', which undoubtedly won't match any user in your database.
You probably need to set $username = $_SESSION['username']; in your second PHP script.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
EDIT/AWNSER: It was a bloody typo, dont mind me facedesking, thanks Sadikhasan
For some reason, the function mysqli_query in my code below, doesnt work, when i open the page, it returns an error.
Fatal error: Call to undefined function msqli_query() in
**/**/**/**/**db.php on line 16
I double checked the script, but couldnt find any typo's or ";" misplacements, the login part works, its purly the query that derps.
<?php
$sqlhost = '*****';
$sqlname = '*****';
$sqlpass = '*****';
$sqldbname = '*****';
$con=mysqli_connect($sqlhost,$sqlname,$sqlpass,$sqldbname);
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}else{
echo "connection successfull!";
}
$result = msqli_query($con,"SELECT * FROM PEOPLE");
while($row = mysqli_fetch_array($result)) {
echo $row['ID'] . "<br>";
echo $row['NAME'] . "<br>";
echo $row['AGE'] . "<br>";
echo $row['SEX'] . "<br>";
echo "<hr>";
}
mysqli_close($con);
?>
The names are in capitals in the database, i checked that too :)
thanks for the help in advance!
Correct spelling to mysqli in this line
$result = msqli_query($con,"SELECT * FROM PEOPLE");
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 9 years ago.
Improve this question
Unexecpected T_VARIABLE in SQL Query on Line 5
How to fix this?
<?php
include "system.php";
$usersystem = $_SESSION['username'];
$passw = $_SESSION['password'];
$query= "SELECT * FROM users WHERE username = "$usersystem" AND password = "$passw";
$autoexec= $mysqli->query($query);
$earnings = $autoexec['earnings'];
$completed = $autoexec['completed'];
if ($_SESSION['loggedin'] !=1){
header ('Location: index.php);
}
?>
The syntax highlighter makes your issue obvious: quotes. You need to use single quotes for your strings in your query:
$query= "SELECT * FROM users WHERE username = '$usersystem' AND password = '$passw'";
Basic PHP syntax:
$query= "SELECT * FROM users WHERE username = "$usersystem" AND pas
^-- ^---
You cannot use the same type of quotes that you've used to delimit the string. Try
$query= "SELECT * FROM users WHERE username = \"$usersystem\" AND pas
^--- ^--- note the escapes
And since this is a simple typo-type problem, voting to close the question...
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 9 years ago.
Improve this question
I have the following code, but for some reason I am getting an unexpected T_Variable. I can't seem to figure out where I am getting the error at. Any assistance will be greatly appreciated. Thanks
<? php
$status = mysql_query('SELECT count(*) FROM AHG WHERE `Survey Tech Initials` = 'Jeff' AND completed = 'yes');
if (!$result) {
die('Invalid query: ' . mysql_error());
}
?>
See below
<? php
$status = mysql_query("SELECT count(*) FROM AHG WHERE `Survey Tech Initials` = 'Jeff' AND completed = 'yes'");
if (!$result) {
die('Invalid query: ' . mysql_error());
}
?>