I want to count the rows in the users table with specific name and pwd which should be 1 if existed.
but the result always return null(not 0),no matter whether the user existed or not.
I even change the query simple to "SELECT * FROM users", and it ended with the same result.
And I am pretty sure that the name of the DATABASE and TABLE are true,and the table is not empty!
By the way,why I have to use "#" symbol before "mysqli_query" in order to get rid of error?
thx!
enter code here
<?php
#$mysql_db_hostname = "localhost";
$mysql_db_hostname = "127.0.0.1";
$mysql_db_user = "root";
$mysql_db_password = "";
$mysql_db_database = "smartFSUsers";
$con = mysqli_connect($mysql_db_hostname, $mysql_db_user, $mysql_db_password,$mysql_db_database);
if (!$con) {
trigger_error('Could not connect to MySQL: ' . mysqli_connect_error());
}
$name = $_GET["name"];
$password = $_GET["password"];
$query = "SELECT * FROM users WHERE name='$name' AND password='$password'";
$result =#mysqli_query($query,$con);
echo($result);
$row=#mysqli_num_rows($result);
echo"the row num is $row \n";
?>
RTM: http://php.net/mysqli_query
$result =#mysqli_query($query,$con);
You've got your parameters reversed. $con MUST come first:
$result = mysqli_query($con, $query) or die(mysqli_error());
If you had bothered adding error correction to your code, you'd have been told about this. But nope, you opted for # to hide all those error messages.
Related
I have looked in every possible forum and question page and still cant understand why my sql search is not returning any values. It is written in a PHP script which is designed to search for the name that user has entered on the HTML page and return all the columns in the database.
Please note that i am fairly new to learning PHP and SQl so please dont hate if this is just me being stupid haha.
Thanks in advance,
Chris
<!DOCTYPE html>
<html>
<body>
<?php
$ServerName = "****";
$LogInUN = "*****";
$LogInPW = "******";
$DBName = "********";
$Connection = mysqli_connect($ServerName, $LogInUN, $LogInPW, $DBName);
if(!$Connection){
die("<p>Connection error!</p>" . mysqli_connect_error());
}
$Name = mysqli_real_escape_string($Connection, $_POST['Name']);
$Query = "SELECT Firstname FROM Students WHERE Firstname LIKE '%{%Name}%'";
$result = $Connection->query($Query);
echo $result;
echo $Name;
?>
</body>
</html>
Use $Name
$Query = "SELECT Firstname FROM Students WHERE Firstname LIKE '%{$Name}%'";
After $result = $Connection->query($Query); Line write below lines
while($row = mysqli_fetch_assoc($result)) {
echo $row["Firstname"];
echo $Name;
}
Remove $result = $Connection->query($Query); and use
$result = mysqli_query($Connection, $Query);
$Query = "SELECT Firstname FROM Students WHERE Firstname LIKE '%{%Name}%'";
use this
$Query = "SELECT Firstname FROM Students WHERE Firstname LIKE '%{$Name}%'";
I am new to php.
I am doing login for user, then I would like to compare the username and password of the person when he/she login to every rows in my database table.
For this case, assume user= michael, pssword =1234
I got this:
$username= "michael";
$password= "1234";
include("includes/connect.php");
$mobile_user = "select * from mobileuser" ;
$query = mysqli_query ($conn, $mobile_user);
while($results = mysqli_fetch_array ($query)){
$user_name = $results['mobile_user_name'];
$pass = $results['mobile_user_pass'];
}
However, this only compare to the last row of data in my database table.
For example, if username=michael n password=1234 is located in the last row of my database table, then login success, if it does not located at the last row, login failed.
Anyone can help?
You should modify your code as:
$username= "michael";
$password= "1234";
include("includes/connect.php");
$mobile_user = "SELECT * FROM mobileuser WHERE mobile_user_name='$username' AND mobile_user_pass='$password' LIMIT 0,1";
$query = mysqli_query ($conn, $mobile_user);
$result = mysqli_fetch_array ($query);
$user_name = $result['mobile_user_name'];
$pass = $result['mobile_user_pass'];
This should work like a charm. However a better version of this would be:
$username= "michael";
$password= "1234";
include("includes/connect.php");
$mobile_user = "SELECT count(*) as count FROM mobileuser WHERE mobile_user_name='$username' AND mobile_user_pass='$password'";
$query = mysqli_query ($conn, $mobile_user);
$result = mysqli_fetch_array ($query);
if($result['count'] > 0){
echo "Match Found.";
}
If you want to check if a user's credential are valid, you should count the number of rows where they match ; if this is less than one, the credentials provided are invalid. SQL query :
SELECT COUNT(*) AS number, mobile_user_name, mobile_user_pass FROM mobileuser WHERE mobile_user_name = 'someusername' AND mobile_user_pass = 'somepass'
Note that you should prevent your code from SQL injections, and you may want to store hashed passwords in your database to avoid stocking them in cleartext.
give this a go:
require_once ('con.php');
$q = "SELECT `password` FROM `tbl_where_user_is` WHERE `tbl_row_username` = '$username'";
$r = mysqli_query($db_connnect, $q);
$row = mysqli_fetch_array($r);
$r = mysqli_query ($db_connnect, $q);
if(mysqli_num_rows($r)==1)
{
echo $username;
}else{
echo "user not found";
}
When I run the below code i get an error message C:\wamp\www\web\polling\includes\resul and Warning: mysqli_query() expects parameter 1 to be mysqli, integer given i
<?php
$pollid = $_POST['foodID'];
$connection = include('connection.php');
$query = "SELECT * FROM polling WHERE foodID='$pollid'";
$q = mysqli_query($connection, $query);
while($row = mysqli_fetch_array($q)) {
$id = $row[0];
$food = $row[1];
$foodRate = $row[2];
$userEmail = $row[3];
echo "<h1>$food</h1>";
echo "<h1>$userEmail</h1>";
}
?>
Try mysqli_affected_rows() and see if $q is getting any data, if not it will never enter the while loop
Besides that it appears there is an issue in your connection, can you display how your connecting in connection.php?
I'm not sure but the two different types of mysql interactions on the same page raises a red flag. Do you have other pages that work with two types of mysql interactions?
EDIT 1: Try this
$connection = mysqli_connect("localhost", "root", "", "test");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
This should work for your first script
Is there a reason your using two different types of mysql interaction?
You are missing a symbol in the statement
$query = "SELECT * FROM polling WHERE foodID='$pollid'";
s/b
$query = "SELECT * FROM `polling` WHERE foodID='$pollid'";
I have a problem with my script: i believe mysql_num_rows won't find anything from my database even though i know there is something in there (two records actually).... Anyone help?
<?php
$con = mysql_connect("localhost","root","root") or die(mysql_error());
$db = mysql_select_db("usersData", $con) or die(mysql_error());
$username = mysql_real_escape_string($username, $con) or die(mysql_error());
$query = "SELECT * FROM `usersInfo` WHERE `Username`='$username'";
$result = mysql_query($con, $query) or die(mysql_error());
$num_rows = mysql_num_rows($result) or die(mysql_error());
if($num_rows == 0)
{
//header('Location: login.php');
echo "meow";
}
?>
i hope this is a better piece of code now. However, when i run it it now gives me a white page?
Check these two lines:
$username = mysql_real_escape_string($username);
$query = "SELECT * FROM `usersInfo` WHERE `Username`='$Username'";
variable $username is different than $Username
Variables in php are case sensitive so it is like you are using two different variables here.
Fix your query so it uses the same lower case $username variable you are setting above:
$query = "SELECT * FROM `usersInfo` WHERE `Username`='$username'";
For ex. adress page test.php?prid=4477535
Code page test.php
function query($query) {
$database = 'test';
$host = 'test';
$username = 'test';
$password = 'test';
$link = mysql_connect($host,$username,$password);
if (!$link) {
die(mysql_error());
}
$db_selected = mysql_select_db($database);
if (!$db_selected) {
die(mysql_error());
}
$result = mysql_query($query);
mysql_close($link);
return $result;
}
$product_idn=$_GET['prid'];
$select_image = query("SELECT * FROM products_images WHERE `product_idn`='$product_idn'") or die(mysql_error());
foreach ($select_image as $row)
{
$select_image_array[]=$row->image;
}
print_r ($select_image_array);
receives a request
SELECT *
FROM products_images
WHERE `product_idn` = '4477535'
If make select from phpmyadmin i have 10 rows.
But if i use test.php?prid=4477535 i see empty page.
print_r ($select_image_array) not show array.
Tell me please why i see rows with phpmyadmin and not see rows with script?
Like the other said, you are prone to SQL injection since you don't serialize your input, but to fix your code, use this:
$select_image = query("SELECT * FROM products_images WHERE `product_idn`='$product_idn'") or die(mysql_error());
while($data = mysql_fetch_assoc($select_image))
{
echo $data['image'];
}
You are doing it wrong.
You have to fetch the resource (mysql_query returns a resource) into an array, and the keys of the array will be the names of the rows returned from your query.
$product_idn=$_GET['prid'];
$select_image = query("SELECT * FROM products_images WHERE `product_idn`='$product_idn'") or die(mysql_error());
while($fetch=mysql_fetch_assoc($select_image))
{
echo $fetch['image'];
}
print_r ($select_image_array);
BTW, You have a security hole here - SQL Injection.
Test the following
$result = query("SELECT * FROM products_images WHERE `product_idn`='$product_idn'")
$select_image = mysql_fetch_assoc($result);
var_dump($select_image);
for more information look at http://se2.php.net/mysql_query
You just
echo $row->image;
Never initialize $select_image_array
print_r ($select_image_array); won't show anything because there is no $select_image_array defined. Did you mean print_r ($select_image);?
Is query() a function you've defined? If not and you don't have errors on you are likely to see nothing.
You also need to sanitize your SQL. Simplest method for now since it's an integer:
$product_idn=(int)$_GET['prid'];