I allow users to create SQL queries (SELECT, UPDATE, INSERT) by posting a form.
The code:
$sql = $_POST["sql_query"];
mysqli_query($link, $sql);
And I want to call mysqli_num_rows if the $sql uses SELECT.
How to check if the $sql contains a SELECT?
$sql = '';
$rows = 0;
$result = mysqli_query($link, $sql);
if(strtoupper(substr($sql,0,6)) == 'SELECT')
$rows = mysqli_num_rows($result);
SELECT will always be the first word in the SQL, so just compare the first six characters. Be sure to ignore case (I'm doing this by capitalising the letters) or you may miss some queries, but this should work as a quick and easy solution.
$sql = $_POST["sql_query"];
if (strpos(strtolower($sql),'insert') !== false)
{
mysql_query($sql,$con);
}
else if (strpos(strtolower($sql),'select') !== false)
{
$row= mysql_num_rows(mysql_query($sql,$con));
}
[EDIT: I don't know mysqli, so I may not know the actual syntax. So I am giving it w.r.t. mysql.]
Hope you can adjust it according to your convenience. It's the logic you need.
if(strstr($sql,'SELECT') || strstr($sql,'select')) {
//your code here
$query = mysqli_query($link, $sql);
$count = mysqli_num_rows($query);
echo $count;
}
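An added example, not part of any answer above: the prefix and substring checks shown misclassify statements that start with whitespace or a comment, or that contain the word select inside a string or sub-select, so this sketch reads the first real keyword and rejects anything that is not SELECT, UPDATE or INSERT. The function name statement_type and the sample statements are constructed for illustration.

```php
<?php
// Added example: classify a statement by its first real keyword.
function statement_type(string $sql): ?string
{
    $pos = 0;
    $skip = [
        '/\G[\s(]+/',                    // whitespace and opening parentheses
        '/\G\/\*(?!!).*?\*\//s',         // /* ... */ but not /*! ... */, which MySQL executes
        '/\G(?:--(?=\s|$)|#)[^\n]*/',    // "-- " and "#" line comments
    ];
    do {
        $advanced = false;
        foreach ($skip as $pattern) {
            if (preg_match($pattern, $sql, $m, 0, $pos)) {
                $pos += strlen($m[0]);
                $advanced = true;
            }
        }
    } while ($advanced);

    // Allow-list: only the three statement types the form is meant to accept.
    if (preg_match('/\G(SELECT|UPDATE|INSERT)\b/i', $sql, $m, 0, $pos)) {
        return strtoupper($m[1]);
    }
    return null; // anything else, including an unparsed prefix, is rejected
}

// Constructed sample statements, compared against the checks from the answers.
$samples = [
    "  select id from t",
    "/* note */ SELECT 1",
    "UPDATE t SET note = 'select me' WHERE id = 1",
    "INSERT INTO t SELECT * FROM u",
    "(SELECT 1) UNION (SELECT 2)",
    "/*!50000 SELECT */ 1",
    "DROP TABLE t",
];
foreach ($samples as $sql) {
    $substr = strtoupper(substr($sql, 0, 6)) === 'SELECT';   // first answer's check
    $strpos = strpos(strtolower($sql), 'select') !== false;  // second answer's check
    printf("%-46s substr=%-5s strpos=%-5s keyword=%s\n", $sql,
        var_export($substr, true), var_export($strpos, true),
        statement_type($sql) ?? 'rejected');
}
```

Once the query has run, `$result instanceof mysqli_result` is true exactly when mysqli_query() returned a result set (it returns true for a successful INSERT or UPDATE), which avoids parsing the text at all.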
Something is wrong with my php,
I'm doing an account validation where if the data exist it will display "There is data" and else "No data"...
When I enter the first 'row' reference_id and submit, it shows "There is data" which is correct, but when I entered the second to the last 'row' reference_id it shows "No data" even though it exists in my database!
Database:
reference_id (varchar 250)
status (varchar 250)
PHP
if (isset($_POST['submit_valid'])) {
if (!empty($_POST['reference_id']))
{
$query = mysqli_query($con, "SELECT * FROM client_record");
$result = mysqli_fetch_array($query);
if ($result['reference_id'] == $_POST['reference_id'])
{
echo"<script type='text/javascript'> alert('There is data'); window.location.href='next_page.php'; </script>";
}
if ($result['reference_id'] !== $_POST['reference_id']) {
echo"<script type='text/javascript'> alert('No data.'); window.location.href='this_page.php'; </script>";
}
}
}
I am not sure if it's mysqli_fetch_array's fault or the if-else condition is wrong?
If you guys know the problem, please help me.
Your query execution currently only looks at the first row. A fetch needs to be looped to iterate over all rows. e.g.
$query = mysqli_query($con, "SELECT * FROM client_record");
$result = mysqli_fetch_array($query);
should be
$query = mysqli_query($con, "SELECT * FROM client_record");
while($result = mysqli_fetch_array($query)) {
but this is inefficient. When looking for a specific record use a where clause. Parameterized queries also will prevent SQL injections, and quoting issues. The i in the bind_param is for an integer, if your id is a string use s.
$prepared = mysqli_prepare($con, "SELECT * FROM client_record where reference_id = ?");
mysqli_stmt_bind_param($prepared, 'i', $_POST['reference_id']);
mysqli_stmt_execute($prepared);
mysqli_stmt_store_result($prepared);
while (mysqli_stmt_fetch($prepared)) {
    // each iteration is one row whose reference_id matched
}
$query = mysqli_query($con, "SELECT * FROM client_record");
$result = mysqli_fetch_array($query);
This will give you the first row from the table.
Add a WHERE reference_id = :refid clause?!
Then bind the refid parameter, so as to avoid SQL injection.
Lapiz, the problem is actually with the comparison operator:
($result['reference_id'] == $_POST['reference_id'])
This will check the first reference_id from the returned set in array.
The best way to tackle this would be to use if (in_array(5, $result)) where 5 is the needle and $result is the array haystack.
Because all you are doing is checking whether the reference exists in the returned data set.
This is also good design practice: collect results and avoid multiple reference queries each time, hit the database once and query the result set.
If it's a multidimensional array, loop through the set:
foreach($result as $resultItem)
{
if(in_array("reference_id", $resultItem, true))
{
echo "There is Data";
}
}
Good luck.
How to get a value from a select query without using a while loop when we know that the output is definitely only one record?
$sql = "SELECT id FROM MyGuests";
$result = $conn->query($sql);
while($row = $result->fetch_assoc())
{
echo $row["id"];
}
Here, if I know that only one record comes as output, how do I avoid the while loop and get the id directly?
Just delete the while loop!
$sql = "SELECT id FROM MyGuests";
$result = $conn->query($sql);
$row = $result->fetch_assoc();
echo $row["id"];
Are you using mysql_* functions by any chance? Please switch to PDO as soon as possible.
You can use MySQL bind result if it's a single-row output.
if( isset($con) && !empty($con) && $con!="" ) {
$knownStmt=mysqli_prepare($con, "SELECT id FROM MyGuests");
if( $knownStmt ) {
mysqli_stmt_execute($knownStmt);
mysqli_stmt_bind_result($knownStmt,$id);
mysqli_stmt_fetch($knownStmt);
mysqli_stmt_close($knownStmt);
}
}
Please try this. This is one of the best ways. You can also pass a where condition and bind the value in this query. Please see the example below.
if( isset($con) && !empty($con) && $con!="" ) {
$knownStmt=mysqli_prepare($con, "SELECT name FROM MyGuests WHERE id=?");
if( $knownStmt ) {
mysqli_stmt_bind_param($knownStmt,"d",$UID);
mysqli_stmt_execute($knownStmt);
mysqli_stmt_bind_result($knownStmt,$Name);
mysqli_stmt_fetch($knownStmt);
mysqli_stmt_close($knownStmt);
}
}
I'm sure this will definitely help you.
Please note this works only for single row result.
You can use this code for your purpose.
$result = mysql_query("SELECT id FROM MyGuests");
$row=mysql_fetch_array($result);
echo $row["id"];
I want to show the user whether he liked an image or not.
For that I am creating PHP code:
$userid=$_COOKIE['userid'];
$sql = "SELECT * FROM likes WHERE `user_id`='{$userid}'";
$query = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($query);
if($row){
echo "unlike";
}
else{
echo "like";
}
I can not do this for everything like 'tags', 'shares', 'comments', 'favourites' ...many
Isn't there anything simpler than this...?
Like say $row_check=mysqli_check_exist($table,$column_name,$userid);
use mysql fetch row method
$num_row = mysqli_num_rows($query);
if($num_row>0)
{
//add your code
}
else
{
//add your code
}
There are a lot of ways of doing this, really, but if you aren't going to use any more information than whether or not the user has liked it, doing select * is a bad idea. The reason why is that you are asking the database to return the value of every column in that table.
Assuming it's a small database it's probably not a problem, but as your database gets bigger you are putting more load on it than you need. You should try to select only the columns you need and intend to use. OK, in this case the userid is probably indexed and it's only one row, but if you get in the habit of doing it here you may do it elsewhere as well.
Try this instead.
$userid=$_COOKIE['userid'];
$sql = "SELECT count(user_id) as total FROM likes WHERE `user_id`='{$userid}'";
$query = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($query);
if( $row ['total'] > 0){
echo "unlike";
}
else{
echo "like";
}
This way we are just getting the total. simple and elegant
Use mysqli_num_rows($query) if > 0 exist
You simply need to count the available records using
mysqli_num_rows($query);
This will return a number (count) of available records
So simply put a check like this:
$userid=$_COOKIE['userid'];
$sql = "SELECT * FROM likes WHERE `user_id`='{$userid}'";
$query = mysqli_query($conn, $sql);
$count = mysqli_num_rows($query);
if($count>0){
echo "unlike";
}
else{
echo "like";
}
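The helper the question asks for, as an added example that is not from the thread: the value (in the posts it comes from a cookie, which the client controls) is bound as a parameter, and because table and column names cannot be bound they are checked against a fixed allow-list. The names record_exists and CHECKABLE, the user_id column on tables other than likes, and the use of PDO with an in-memory SQLite database (so the block runs without a MySQL server) are assumptions made for illustration.

```php
<?php
// Added example: existence check with a bound value and allow-listed identifiers.
const CHECKABLE = [                  // assumed schema: each table has a user_id column
    'likes'      => ['user_id'],
    'favourites' => ['user_id'],
    'shares'     => ['user_id'],
];

function record_exists(PDO $db, string $table, string $column, $value): bool
{
    if (!in_array($column, CHECKABLE[$table] ?? [], true)) {
        throw new InvalidArgumentException("lookup on $table.$column is not allowed");
    }
    // Identifiers come from CHECKABLE only; the value travels as a parameter.
    $stmt = $db->prepare("SELECT 1 FROM `$table` WHERE `$column` = ? LIMIT 1");
    $stmt->execute([$value]);
    return $stmt->fetchColumn() !== false;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE likes (user_id INTEGER, image_id INTEGER)');
$db->exec('INSERT INTO likes VALUES (7, 1)');

// Constructed stand-ins for $_COOKIE['userid'], one of them containing quotes.
foreach (['7', '8', "x' OR '1'='1"] as $userid) {
    $label = record_exists($db, 'likes', 'user_id', $userid) ? 'unlike' : 'like';
    echo var_export($userid, true), ' => ', $label, "\n";
}

// A table that is not on the allow-list is refused before any SQL is built.
try {
    record_exists($db, 'users', 'password', 'x');
} catch (InvalidArgumentException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```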
I think this should work but it is not...
Basically I am trying to check the MySQL db to see if there is a record that meets the 2 variables. If no, do one thing; if yes, do another thing. The result is always no at this point.
$result = mysql_query("SELECT 'lastname' FROM 'Cust_Releases' WHERE 'lastname' = '$usercheck' AND 'TripID'= '$RLtripid'");
echo $result;
if(mysql_num_rows($result) == 0) {
echo"no";// row not found, do stuff...
}
else {
echo"yes"; // do other stuff...
}
First of all, stop using mysql_* functions because this extension is deprecated as of PHP 5.5.0.
Second, always use the (`) symbol around database names, table names and column names.
You have used a reserved word: RELEASE.
$sql = "SELECT `lastname` FROM `Releases` WHERE `lastname` = '$usercheck' AND `TripID` = '$RLtripid'";
Reserved words you find here
$result = mysql_query("SELECT lastname FROM `Releases` WHERE lastname = '$usercheck' AND TripID= '$RLtripid' LIMIT 1");
if (!$result) {
die('Invalid query: ' . mysql_error());
}
echo $result;
if(mysql_num_rows($result) == 0) {
echo"no";// row not found, do stuff...
}
else {
echo"yes"; // do other stuff...
}
Escaping 'Releases', as Bondye suggested
Adding 'LIMIT 1' to your query to allow the possibility of an early-out when there is more than one matching record. You don't appear to need the total count. May not make any difference if unique constraints exist which guarantee that only one row can be returned
mysql_query is deprecated. In real code you should be using PDO and prepared statements / bind variables!
Debugging is a very important thing in programming. First, make sure that the variables $usercheck and $RLtripid contain values.
-----------------------
$sql = "SELECT `lastname` FROM `Cust_Releases` WHERE `lastname` = '$usercheck' AND `TripID`= '$RLtripid'";
echo $sql;
$result = mysql_query($sql);
....-------------------
Try this code. It will help you
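$result = mysql_query("SELECT COUNT( * ) from Cust_Releases WHERE lastname = '$usercheck' AND TripID= '$RLtripid'");
// COUNT(*) always returns one row; read its value instead of comparing the result resource
if(mysql_result($result, 0) == 0) {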
echo"no";// row not found, do stuff...
}
else {
echo"yes"; // do other stuff...
}
//get the current member count
$sql = ("SELECT count(member_id) as total_members from exp_members");
$result = mysql_query($sql) or die(mysql_error());
$num_rows = mysql_num_rows($result);
if ($num_rows != 0) {
while($row = mysql_fetch_array($result)) {
$total_members = $row['total_members'];
}
}
//get list of products
$sql = ("SELECT m_field_id, m_field_label from exp_member_fields where m_field_name like 'cf_member_ap_%' order by m_field_id asc");
$result = mysql_query($sql) or die(mysql_error());
$num_rows = mysql_num_rows($result);
if ($num_rows != 0) {
while($row = mysql_fetch_array($result)) {
$m_field_id = $row['m_field_id'];
$m_field_label = $row['m_field_label'];
$sql2 = ("SELECT count(m_field_id_".$m_field_id.") as count from exp_member_data where m_field_id_".$m_field_id." = 'y'");
$result2 = mysql_query($sql2) or die(mysql_error());
$num_rows2 = mysql_num_rows($result2);
if ($num_rows2 != 0) {
while($row2 = mysql_fetch_array($result2)) {
$p = ($row2['count']/$total_members)*100;
$n = $row2['count'];
$out .= '<tr><td>'.$m_field_label.'</td><td>'.number_format($p,1).'%</td><td>'.$n.'</td></tr>';
}
}
}
}
It's easier to help if you can describe in non-code terms what you're trying to accomplish. But one indicator of a problem is seeing a php loop on rows from one query with another query executing for each row.
There are ways to query for subtotals. But it would be easier to explain if you can explain the goal a bit.
A count query would always return 1 row, so you don't need the loop.
$sql = ("SELECT count(member_id) as total_members from exp_members");
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($result);
$total_members = $row['total_members'];
Other than that I am not sure how you can make it better. You can do the same for both of your count queries.
As these are straightforward queries, any bottleneck, I guess, would now be on the MySQL end.
The first COUNT query ("get the current member count") should execute almost instantaneously.
The second query ("get list of products") may be slow depending on your indexes. You are querying on m_field_name and then ordering on m_field_id so you may need a combined index of the two.
The third query, which is executed repeatedly (once for each product), is querying on m_field_id_* (i.e. any of a number of possible fields), so you should probably make sure they are indexed.
In summary, you need to a) figure out which query is running slow, b) index things that need to be indexed, and c) combine queries if possible.