We Keep Coding

PHP - Unable to retrieve data from the database

For some reason, the query when run through PHP will not return the results. I have tried both queries in the MySQL command line, and they work perfectly there. Here is the code (mysql_connect.php is working perfectly, to clarify).
<?php
error_reporting(-1);
// retrieve email from cookie
$email = $_COOKIE['email'];
// connect to mysql database
require('mysql_connect.php');
// get user_id by searching for the email it corresponds to
$id = mysqli_query($dbc,"SELECT user_id FROM users WHERE email=$email")or die('couldn\'t get id');
// get data by using the user_id in $id
$result = mysqli_query($dbc,"SELECT * FROM users WHERE user_id=$id")or die('couldn\'t get data');
//test if the query failed
if($result === FALSE) {
die(mysql_error());
echo("error");
}
// collect the array of results and print the ones required
while($row = mysql_fetch_array($result)) {
echo $row['first_name'];
}
?>
When I run the script, I get the message "could not get id", yet that query works in the MySQL command line and PHPMyAdmin.

Your code won't work for 2 reasons - $id will not magically turn into integer, but a mysqli result. And email is a string so it should be quoted.
But...
Why is all of that?
If you want to fetch all the data for user, for certain email, just make you second query fetch data by email and remove the first one:
SELECT * FROM users WHERE email='$email';
And don't forget to escape your input, because it's in cookie. Or, use prepared statements as suggested.

Your query is not valid, you should rewrite it with the following and make sure your you have mysqli_real_escape_string of the $email value before you put it into queries:
SELECT user_id FROM users WHERE email='$email'
Better approach is to rewrite your queries using MySQLi prepared statements:
Here how to get the $id value:
$stmt = mysqli_prepare($dbc, "SELECT user_id FROM users WHERE email = ?");
mysqli_stmt_bind_param($stmt, "s", $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $id);
mysqli_stmt_fetch($stmt);

You wrote
mysqli_query($dbc,"SELECT user_id FROM users WHERE email=$email");
that is similar to
mysqli_query($dbc,"SELECT user_id FROM users WHERE email=example#example.com");
but it should be
mysqli_query($dbc,"SELECT user_id FROM users WHERE email='example#example.com'");
so you have to do this
mysqli_query($dbc,"SELECT user_id FROM users WHERE email='$email'");
or better
mysqli_query($dbc, 'SELECT user_id FROM users WHERE email=\'' . $email . '\'');
Beside this minor bug
You should be aware of SQL injection if someone changes the value of your cookie.

Using PHP functions in MySQL PDO

Can I use my own functions from PHP directly in SQL queries (using mySQL and PDO)? For example:
$query = null;
$result = null;
$query = $this->database_0->prepare("SELECT `id`, `salt` FROM `general_users` WHERE `username` = :username AND `password` = CONCAT(generatePassword(:password, `salt`)) LIMIT 1");
$query->bindValue(':username', $this->input->getValue('username'), PDO::PARAM_STR);
$query->bindValue(':password', $this->input->getValue('password'), PDO::PARAM_STR);
$query->execute();
$result = $query->fetch(PDO::FETCH_ASSOC);
$query->closeCursor();
Look at line 3 in "WHERE" case.
If it is not possible, I must use two queries just for check if a user exists, it do not look very optimal.
Thanks for your help, Bartek.

Can I use my own functions from PHP directly in SQL queries
No.
Mysql knows nothing of PHP and its functions. You are bound to use mysql functions in mysql and PHP functions in PHP. Quite easy to memorize.
So, here you go, with one single query
$sql = "SELECT id, salt, password FROM general_users WHERE username = ?";
$stmt = $this->db->prepare($sql);
$query->execute([$this->input->getValue('username')]);
$row = $query->fetch();
if (generatePassword($row['password'], $row['salt']) == $this->input->getValue('password'))
{

You can't use a PHP function in a MySQL query.
You can still do this with a single query. Just retrieve user info (including password) by comparing only its username. Then, in PHP, compare stored password with the one you have just computed. That would even allow you to distinguish two cases: "user exists, but password is wrong" and "user does not exist".

Return PDO data

Hi guys I have a program built using mysql_* and I am trying to convert it to PDO for security and depreciative reasons
So I have a load of mysql_* functions setup like
return select_from_where('users', '*', "username = '$username' AND password = '$pass'", "LIMIT 1");
Which I have converted to PDO
return $conn -> query("SELECT * FROM users WHERE username = '$username' AND password = '$pass' LIMIT 1");
However the program does not feed the right result, I'm not sure if it is even returning data
My question is, do I have to set the PDO response to a variable that I can then use, or is it possible to have it return values which I can use in my program using a similar method to above?
I have included global $conn for each function query so I'm sure it is connecting like it should, its just not feeding the result as intended..
Does anyone have a quick fix for this issue as my program is almost done and is pending release :D
Thanks in advance
Luke
** EDIT LINE *
$sql = ("SELECT * FROM users WHERE username = '$username' AND password = '$pass' LIMIT 1");
$stm = $conn->prepare($sql);
$stm->execute(array($username,$pass)); $user = $stm->fetch(); echo $user['username'];

First, Personally I see no point in having a function like select_from_where
You actually save yourself nothing - you just moved words "SELECT, FROM and WHERE" from query to function name, yet made this function extremely limited - say, no joins or stuff.
Second, PDO::query() function shouldn't be used anyway - it doesn't support prepared statements.
So, the code have to be
global $conn;
$sql = "SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1";
$stm = $conn->prepare($sql);
$stm->execute(array($username,$pass));
return $stm->fetch();
You have to also configure your PHP and PDO in order to be able to see every error occurred.

Change this
return $conn -> query("SELECT * FROM users WHERE username = '$username' AND password = '$pass' LIMIT 1");
to:
$username = 'user';
$password ='password';
$stmt =$conn->prepare("SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1");
$stmt->execute(array($username, $password));
echo $stmt->rowCount();

PHP MySQL Query Printing

Is there anyway I can see a query once it has been run and all variables have been instantiated?
e.g. I want to see the end result (String) of
$query = $this->db->query("SELECT email, password FROM users
WHERE email = '$email' AND password = 'PASSWORD($password)'");
I would like to see the query string after PASSWORD($password) has been done.

The query string doesn't change inside MySql, but you can do something like this to see what the password will look like:
$query = $this->db->query("SELECT PASSWORD('".mysql_real_escape_string($password)."')");

You can store the string as a variable before hand.
eg)
$query = "SELECT email, password FROM users
WHERE email = '$email' AND password = 'PASSWORD($password)'";
and then output the query with var_dump($query).
$this->db->query($query);
It is better practice though to use prepared statements and feed in escaped variables.

I needed to change
'PASSWORD($password)'
to:
PASSWORD('$password')
This fixed my issue.

PDO Query question

I need help finishing this statement. It is frustrating that two of the PHP phone books here gloss over PDO's almost all together.
All I need to do is check the database for a username that is already taken.
Here is the start of the statement.
$sql = " SELECT * FROM users WHERE userid = '$userid'";
$result = $dbh->query($sql);
What parts do I need to add to write my 'if' statement?

Something like this:
$sql = " SELECT * FROM users WHERE userid = '$userid'";
$result = $dbh->query($sql);
$row = $result->fetch();
if ($row)
echo 'Userid is taken';
I'm not sure about your question because you're asking about username but selecting userid... did you mean to select on username?