I'm trying to retrieve the email field from my database using the id associated with it:
$query2 = mysql_query("SELECT email FROM `users` WHERE `id` = '".$userID."' ") or die(mysql_error());
This query is always returning NULL and I can't work out why.
Have tested using a var_dump that $userID is indeed correct.
But when I use it with the hardcoded value instead of $userID it works fine:
$query2 = mysql_query("SELECT email FROM `users` WHERE `id` = '85' ") or die(mysql_error());
Why isn't the $userID variable being passed to my query? Is there a way to pass this correctly?
Edit:
Declaration of $userID as requested. var_dump of this variable works OK the line before the query2.
// Fetch ID for matching details
$query = mysql_query("SELECT id FROM `users` WHERE `email` = '".$emailInput."' && `username` = '".$usernameInput."' ") or die(mysql_error());
// Successful query - ID stored
if(mysql_num_rows($query) > 0){
$userID = mysql_fetch_array($query);}
var_dump($userID);
Both var_dumps output the following on the page:
array(2) { [0]=> string(2) "85" ["id"]=> string(2) "85" } NULL
Id say the the fact that $userID is an array is your problem... Do $userID['id'] instead in the query.
$query2 = mysql_query("SELECT email FROM `users` WHERE `id` = '" . $userID['id'] . "' ") or die(mysql_error());
Its probably a concatenation problem , if the $userid is string its should be fine , but if its an integer or double..etc it will be dealt with as a string
if its an integer try :
$query2 = mysql_query("SELECT email FROM `users` WHERE `id` = ".$userID) or die(mysql_error());
or
$query2 = mysql_query("SELECT email FROM `users` WHERE `id` = ".$userID['0']) or die(mysql_error());
so, the problem is that your $userID is not 85 or a simple number but it's an array and you are still trying to concatenate it in the query.
The problem is somewhere else in your code, probably where you set $userID
Here goes the solution:
$sql = mysql_query("SELECT email FROM `users` WHERE `id` = " . $userID['id']) or die(mysql_error());
try removing either double quotes or single quotes. because id is usually of data type int you are using twice which makes it a string value..
also PHP is quite smart in recognizing variables and data types so u can use "$userID" or "{$userID}" without concatination..
Try this ....
$query2 = mysql_query("SELECT email FROM `users` WHERE `id` = $userID ") or die(mysql_error());
Related
I'm working with a system that assigns files to users. Problem is, that the response, userid, is always 0.
$user = htmlentities($_SESSION['username']);
$sql = "INSERT INTO `files`(
`userid`,
`filename`,
`filesize`,
`filetype`,
`filepath`
)
VALUES
(\"". get_user_id($user). "\",\"".
$_FILES['userfile']['name']. "\",\"".
$_FILES['userfile']['size']. "\",\"".
$_FILES['userfile']['type']. "\",\"".
$fileadress.
"\")";
Function get_user_id
function get_user_id($user){
mysql_connect(HOST, USER, PASSWORD)
or die(mysql_error());
$sqlinit = "USE secure_login";
mysql_query($sqlinit);
$sql = "SELECT `id` FROM `members` WHERE `username` = '". $user."'";
$result = mysql_query($sql);
//mysql_fetch_array($result);
echo mysql_error();
$userid = $result;
return $userid;
}
No errors, no warnings, everything else is working fine, only userid is showing always 0, even when id in members is 1,2 etc. Am I missing something? In both tables, userid and id are int.
mysql_query() returns you a mysql object, you put this object in the result variable. So if you do $userid = $result; you just duplicate the array to a new variable.
You're not accessing correctly to the element, you should write instead : $userid = $result['id'];
Take the habit to employ var_dump($result); to see what's exactly in you're variable (here result)
EDIT:
$sql = "SELECT id FROM members WHERE username = '". $user."'";
$queryRes = mysql_query($sql);
$result = mysql_fetch_array($queryRes);
$userid = $result['id'];
I believe you have to use $userid=$result['id']
As per your table, the right index would be userid
i.e:
$userid = $result['id'];
NOTE: I've edit the whole post, trying to make it clearer.
I'm terrible at getting my question clear, but this is my last try.
I got this which gets sent when clicking the button;
echo"Auto/Prijs<br><br><select name='autos'>";
echo"<br><br>";
$sql = "SELECT `garage`.`id`, `car_id`, `schade`, `naam`, `prijs` FROM `garage` LEFT JOIN `cars` ON (`garage`.`car_id` = `cars`.`id`) WHERE `user_id`=".ID." ORDER BY `id` ASC LIMIT ".($page * 10).", 10";
$sql = mysql_query($sql) or die(mysql_error());
$i = 1;
while($res = mysql_fetch_assoc($sql)){
echo"
<option value='".$res['car_id']."'>".$res['naam']."</option><br>
";
This is a dropdown, showing carnames instead of car_id's.
Now, the car_id is not unique, but refers to a car. The 'id' in the 'garage' table IS unique. Am I able to like call the 'id' too, and on sending check if that ID is actually the sent 'car_id'? Because, you can tamper the sent car_id and simply change it.
This happens on sending:
if(isset($_POST['start'])){
$prijs = $_POST['prijs'];
$carr = $_POST['autos'];
$sql = mysql_query("SELECT `id` FROM `automarkt` WHERE `seller_id`=".ID." LIMIT 1") or die(mysql_error());
mysql_query("INSERT INTO `automarkt`(`seller_id`, `prijs`, `car_id`) VALUES (".ID.", ".$prijs.", ".$carr.")") or die(mysql_error());
I'm out of idea's, and can't get clear enough on what I need to do. I need to check if the sent car_id is actually in the 'user''s garage. (Trying to do it by checking the unique entry 'id' in the 'garage' table.
Fixed it by matching rows.
$sql = mysql_query("SELECT `id` FROM `garage` WHERE `car_id`=".$carr." AND `user_id`=".ID) or die(mysql_error());
} elseif(mysql_num_rows($sql) == 0){
$msgs = bad("x");
Thanks for replies.
I am a beginner and try to have a very simple messaging system.
every thing is managed via the ID's of the users..
So if someone types the username of a person i have to convert it into the person's id:
$res_name = $_POST["res_name"];
$res_id = userToId($res_name);
This function looks like this:
function userToId($username) {
$data = array();
$func_get_args = func_get_args();
if($func_num_args = 1)
{
$res = mysql_query("SELECT id FROM `z_network_users` WHERE `username` = `$username`") or die(mysql_error());
$data = mysql_fetch_assoc($res);
}
return $data['id'];
}
it doesn't work, in fact it can't find a username even if it's existing..
the error is for example:
Unknown column 'testperson' in 'where clause'
the user exists, hope you can help me :)
ps: I know I shouldn't use mysql_* but i haven' learned the better version.. ;)
You should not use around yourvalue` I think.
When using backticks around your variable then it will be considered as column
thats why you got that error Unknown column 'testperson' in 'where clause'
you should use this (you should escape your variable to prevent sql injection)
$username = mysql_real_escape_string($username);
$res = mysql_query("SELECT id FROM `z_network_users`
WHERE `username` = '$username' ") or die(mysql_error());
or this
$username = mysql_real_escape_string($username);
$res = mysql_query("SELECT id FROM `z_network_users`
WHERE `username` = '".$username."' ") or die(mysql_error());
try that function:
function userToId($username) {
$func_get_args = func_get_args();
$username = mysql_real_escape_string($username);
if($func_num_args == 1)
{
$res = mysql_query("SELECT id FROM `z_network_users` WHERE `username` = '$username' ") or die(mysql_error());
$row = mysql_fetch_assoc($res);
}
return $row['id'];
}
"SELECT id FROM `z_network_users` WHERE `username` = '$username'"
this will fix your query BUT mysql_* functions are deprecated, so you should avoid using them. Try mysqli or PDO instead.
You should not be backticking the entries
$res = mysql_query("SELECT id FROM `z_network_users` WHERE `username` = '$username'") or die(mysql_error());
You only quote column names with backticks.
WHERE `username` = `$username`
This makes $username into a column name. You want a string instead:
WHERE `username` = '$username'
Also definitely see The Great Escapism (Or: What You Need To Know To Work With Text Within Text).
you have not any column but
WHERE `username` = `$username`"
but $username understanding as a column so remove `` from $username and put single quote to it like '$username'
I think your query return more then 1. you need to use mysql_num_rows() to get one record. Thats why it doesn't work.
This is a very simple issue. I must just be doing something stupid:
This query echos out a row id number:
$query = "SELECT * FROM userpage WHERE uploaderrating = $rating";
$result = mysql_query($query);
$row1= mysql_fetch_array($result);
echo $row1[id];
When I add in an additional condition (even though the condition is DEFINITELY met in the SQL database the the echo does produce anything (i.e. the variable is empty). The failing code is:
$query = "SELECT * FROM userpage WHERE uploaderrating = $rating and reviewer = NULL";
$result = mysql_query($query);
$row1= mysql_fetch_array($result);
echo $row1[id];
You can't use
reviewer = NULL
You need to use
reviewer IS NULL
NULL is an undefined value, so it isn't equal to anything; so you need to use IS to look for it.
you should use
$query = "SELECT * FROM userpage WHERE uploaderrating = $rating and reviewer IS NULL";
$result = mysql_query($query);
$row1= mysql_fetch_array($result);
echo $row1[id];
I hope it works.
As far as I know null values are verified with IS
... where xxx IS null
... where xxx IS NOT null
Newish to mysql. I have a query and it is not showing the value of the cell just the row name:
$sql="SELECT 'first' from `users` WHERE `id`= $userid ";
$res=mysql_query($sql) or die(mysql_error());
$row=mysql_fetch_assoc($res);
echo $row['first'] ;
What am I doing wrong????
Brackets in your query is wrong:
$sql = "SELECT 'first' from `users` WHERE `id` = $userid";
Must be:
$sql = "SELECT `first` from `users` WHERE `id` = $userid";
Note difference in first
First remove quotes from 'first' - it is a column so don't put it in quotes, you can use ` istead.
Next loop through results and that's all.
$sql="SELECT first from `users` WHERE `id`= $userid ";
$res=mysql_query($sql) or die(mysql_error());
while($row=mysql_fetch_assoc($res))
echo $row['first'] ;
Try:
echo $row[0]['first'];
SELECT 'first'
will simply return the string first.
remove the quotes.
$sql="SELECT 'first' from users WHERE id= $userid ";
you are using normal quotes to select instead of backticks you are not selecting anything from the database.
use
$sql="SELECT first from users WHERE id= $userid ";
instead
and side note:
never "be sure" that your query returns exactly 1 row
use mysql_fetch_assoc() in a loop and check if you really retrieve 1 result.