I have code
$email = "jb#tlb.com";
$row = mysql_query("SELECT EXISTS(SELECT email FROM accounts WHERE email='".$email."');");
echo $row[0];
However, nothing is echoed.
This is strange because something is being returned because, later in the code I have a function that is CALLED:
if ( $row[0] == 0 ) { echo "Email address is available<br>";};
However: this is strange because when i put the SAME CODE into mySQL database command prompt:
It clearly returns 1 or TRUE.
The mysql_query is returning 0 when the same exact command in mysql command prompt returns 1. Further: I am unable to echo the result for debugging purposes.
EDIT: Please not, the regular mySQL command is returning this and ONLY this:
EDIT: Here is there entire database:
MySQL query gives you a ressource. After that you have to fetch the data with mysql_fetch_assoc or mysql_fetch_row or something else for example. But its better to use prepared statements with mysqli or PDO to get more security.
$email = "jb#tlb.com";
$res = mysql_query("SELECT EXISTS(SELECT email FROM accounts WHERE email='".myql_real_escape_string($email)."')");
$row = mysql_fetch_assoc($res);
echo $row['email'];
Answer to your question:
$email = "jb#tlb.com";
$res = mysql_query("SELECT email FROM accounts WHERE email='".mysql_real_escape_string($email)."')");
$numRows = mysql_num_rows($res);
if($rowRows > 0) {
echo "Record Available";
}
You need to actually retrieve the result set from the query. mysql_query() just returns a resource handle for a successful select. You then need to fetch the results using mysql_fetch_* class of functions. Alternatively, you can use mysql_num_rows() to determine the number of rows returned in the result set.
In this case it is really senseless to wrap your actual query into a subquery. Just run your select and determine the number of rows:
$email = "jb#tlb.com";
$result = mysql_query("SELECT email FROM accounts WHERE email='".$email . "'");
if($result) {
$row_count = mysql_num_rows($result);
echo $row_count;
}
Also, you should not be writing new code using mysql_* functions, as these are deprecated. I would suggest mysqli or PDO extensions instead.
You need to do something like
while ($r = mysql_fetch_assoc($row))
{
echo $r[0];
}
after that code.
Let me know.
Related
I am fairly new to PHP and have been following the Lynda.com tutorials (although they still use mysql in stead of mysqli or PDO).
I'm having problems with using the data I get from my queries.
I'll use my login page as example, leaving out the connect to db part:
$login_username = trim(htmlspecialchars($_POST['username']));
$password = trim(htmlspecialchars($_POST['password'])); // from login form
$stmt = $db->prepare("SELECT * FROM users
WHERE username = :login_username");
$stmt->bindParam(':login_username', $login_username);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() > 0 && $result = password_verify($password,$result['hashed_password'])) {
$_SESSION['logged_in_id'] = $result['id'];
$_SESSION['logged_in_username'] = $login_username; //this was the only way I could pass the username as I could not get it from $result['username']
$_SESSION['first_name'] = $result['first_name'];
$_SESSION['last_name'] = $result['last_name'];
Nothing gets passed to the session and there are no errors. I also can't echo out the value of $result. If I just try to echo $result, then I just get the value 1
Please help!
Your problem is:
... && $result = password_verify($password,$result['hashed_password'])
Note that $result is an array that contains the row that you just fetched and you are assigning it a new value here; you are overwriting your $result variable so all assignments afterwards will fail.
You probably want something like:
... && password_verify($password,$result['hashed_password'])
Also note that you should not rely on the rowCount() as that is not necessarily what you expect for a SELECT statement.
As you are fetching a row already, you can simply do:
if ($result && password_verify($password,$result['hashed_password']))
If there is no result, the second condition will never be checked so it will not lead to warnings or errors.
I'm looking to label a string based on database results. I have the following code:
$loc1 = "A";
$query = "SELECT loc FROM User where nick='".$users[$j]."'";
$loc = mysql_query($query);
if($loc == 1)
$loc1 = "A";
if($loc== 2)
$loc1 = "B";
The loc1 location is always "A". I've confirmed that the query works in MySQL and I'm having a difficult time understanding why this simple case is not working. I would appreciate your help!
The function mysql_query does not return the value of the column fetched, instead it returns a MySQL resource which you use to extract the column value returned by the query.
Change:
$loc = mysql_query($query);
to:
$result = mysql_query($query);
if (!$result) {
die('Invalid query: ' . mysql_error());
}
if ($row = mysql_fetch_assoc($result)) {
$loc = $row["loc"];
}
You are storing mysql_query() return value in $loc which is a resource.
For SELECT, SHOW, DESCRIBE, EXPLAIN and other statements returning resultset, mysql_query() returns a resource on success, or FALSE on error.
So, $loc is not 1 or neither equals to 2.
You need to use mysql_fetch_array / mysql_fetch_object, etc to manipulate the resource.
You must fetch the recordset with, in example mysql_fetch_row
Example #1 Fetching one row with mysql_fetch_row()
<?php
$result = mysql_query("SELECT id,email FROM people WHERE id = '42'");
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($result);
echo $row[0]; // 42
echo $row[1]; // the email value
?>
But, be careful with SQL injection attacks!
http://es.php.net/manual/en/security.database.sql-injection.php
Basically I am attempting to make a login. I understand a very small amount of php, but everytime I try to log in it works. So it is not following my if statement below. So I would like to see if anyone can help me print the $results as not a string. Everytime I echo it, it says error can not print as string. Which makes me think its an array, can someone help ? =(
<?php
include('include/dbConnection.php');
if (isset($_REQUEST['attempt']))
{
//variables
$user = $_POST['user'];
$password = sha1($_POST['password']);
//SQL statement
$query = "SELECT COUNT(user)
FROM users
WHERE user = '$user'
AND password = '$password'";
//Execute prepared MySQL statement
$results = mysqli_query($dbc,$query) or die('Error querying database');
/* Here is where I want to print $results
if ($results = 1)
{
session_start();
$_SESSION['$user'];
header('location: home.php');
}
else
{
echo $results + 'Incorrect Username or Password';
}
*/
//Close dbConnect
mysqli_close($dbc);
}
?>
Use var_dump($output) or print_r($output) to display contents of an array.
You have to use this:
echo "<pre>";
print_r($results);
echo "</pre>";
It first echoes so that the print of the array is formatted properly. If you don't do this it will all be on one line.
Hope this helped! :D
mysql_query() returns a statement result handle, NOT the data you've requested in the query. You first have to fetch a row of data to get access to the actual query data:
$result = mysqli_query(...);
$row = mysqli_fetch_row($result);
$count = $row[0];
mysqli_query function returns false for unsuccessful queries. it returns a MySQLi_Result object for select or show queries and true for insert and update queries.
if your query fails for some reason your script will die because of or die statement and never returns false.
if ($results = 1)
statement assigns 1 to your result variable. when your script runs, your code enters this if block. because you control the assignment statement whether it is done or not.
your query is a select, mysqli_query function returns MySQLi_Result object.
The error I get:
...mysql_fetch_array() expects parameter 1 to be resource, boolean given...
awayid is in the address bar properly. I can print it out just fine, but for some reason the following code gives me the above error.
$result = mysql_query("select * from team where id=" . $_GET['awayid']);
$row = mysql_fetch_array($result);
EDIT Tried the mysql_error(). It seems I forgot to select a database... however, even why I use mysql_select_db('gamelydb'); I still get the mysql error No database selected
Your query is failing... Therefore $result is set to false.
$result = mysql_query("select * from team where id=" . $_GET['awayid']);
var_dump($result); // bool(false)
Call mysql_error() to get the error message for your query:
echo mysql_error();
Your query is failing and returning a boolean FALSE. Try this:
$result = mysql_query("select ...") or die(mysql_error());
^^^^^^^^^^^^^^^^^^^^^^---- add this
This will kill the script and show you the exact reason the query is failing.
mysql_query() returns false if the query is unsuccessful, i.e. an error occured. That is why you need to check $result for being false first.
Use mysql_error() to output the error.
You need to be sure there is results from your query :
while ($row = mysql_fetch_array($result)) {
// echo $row[] ... ;
}
First of all, your query is very open to SQL injection attacks. Do not directly insert anything from $_GET or $_POST (or really anywhere) into your query. At the minimum, use mysql_real_escape_string on the variable.
mysql_query is returning false becuase there is something wrong with the query. You can use mysql_error to see what the last reported error is.
if ($result = mysql_query("select * from team where id='" . $_GET['awayid']) . "'") {
$row = mysql_fetch_array($result);
}
else {
echo mysql_error();
}
Anyway...you know that writing a $_GET parameter right into the SQL query is very very bad? Try it with PHP Data Objects.
Did you try and search around first Tory, we answer these questions over and over again, next time please search around.
The reason why this error occurs is because your running a query with mysql_query that fails, because it fails it returns false, you then pass the value of false to mysql_fetch_array, it's like doing mysql_fetch_array(false)
You need to make sure that mysql_query is successful:
try something like this:
if(false !== ($result = mysql_query("select * from team where id=" . $_GET['awayid'])))
{
$row = mysql_fetch_array($result);
}else
{
die("Query has failed: " . mysql_error())
}
Hi i am too new too php and mysql and i want to count the member number due to the search made by user. However, mysql_num_rows doesnt work.
mysql_num_rows(mysql_query("SELECT * FROM members WHERE $title LIKE '%$_POST[search]%' LIMIT $start,$member_number"));
It says "mysql_num_rows(): supplied argument is not a valid MySQL result resource in ..."
NOTE: $title is a select menu which user choose where to search. LIMIT is, as you know :), number of member which is shown in a page.
And also $start= ($page-1)*$member_number; in order to set the first entry in that page. I think the problem is here but i cant solve it. :(
Your query probably has an error, in which case mysql_query will return false.
For this reason, you should not group commands like this. Do it like this:
$result = mysql_query("...");
if (!$result)
{ echo mysql_error(); die(); } // or some other error handling method
// like, a generic error message on a public site
$count = mysql_num_rows($result);
Also, you have a number of SQL injection vulnerabilities in your code. You need to sanitize the incoming $search variable:
$search = mysql_real_escape_string($_POST["search"]);
... mysql_query(".... WHERE $title LIKE '%$search%'");
if $start and $end come from outside, you also need to sanitize those before using them in your LIMIT clause. You can't use mysql_real_escape_string() here, because they are numeric values. Use intval() to make sure they contain only numbers.
Using a dynamic column name is also difficult from a sanitation point of view: You won't be able to apply mysql_real_escape_string() here, either. You should ideally compare against a list of allowed column names to prevent injection.
you have to use GET method in your form, not POST.
mysql_num_rows doesn't make sense here.
If you're using limit, you already know the number*.
If you want to know number, you shouldn't use limit nor request rows but select number itself.
// get your $title safe
$fields = array("name","lastname");
$key = array_search($_GET['title'],$fields));
$title = $fields[$key];
//escape your $search
$search = mysql_real_escape_string($_GET['search']);
$sql = "SELECT count(*) FROM members WHERE $title LIKE '%$search%'";
$res = mysql_query($query) or trigger_error(mysql_error()." in ".$sql);
$row = mysql_fetch_row($res);
$members_found = $row[0]
in case you need just 5 records to show on the page, no need for mysql_num_rows() again:
// Get LIMIT params
$member_number = 5;
$start = 0;
if (isset($_GET['page'])){
$start = abs($_GET['page']-1)*$member_number;
}
// get your $title safe
$fields = array("name","lastname");
$key = array_search($_GET['title'],$fields));
$title = $fields[$key];
//escape your $search
$search = mysql_real_escape_string($_GET['search']);
$sql = "SELECT count(*) FROM members
WHERE `$title` LIKE '%$search%'
LIMIT $start, $member_number";
$res = mysql_query($query) or trigger_error(mysql_error()." in ".$sql);
while($row = mysql_fetch_assoc($res){
$data[] = $row;
}
Now you have selected rows in $data for the further use.
This kind of error generally indicates there is an error in your SQL query -- so it has not been successful, and mysql_query() doesn't return a valid resource ; which, so, cannot be used as a parameter to mysql_num_rows().
You should echo your SQL query, in order to check if it's build OK.
And/or, if mysql_query() returns false, you could use mysql_error() to get the error message : it'll help you debug your query ;-)
Typically, your code would look a bit like this :
$query = "select ..."; // note : don't forget about escaping your data
$result = mysql_query($query);
if (!$result) {
trigger_error(mysql_error()." in ".$query);
} else {
// use the resultset
}