I am trying to use a mssql Query to retrieve an id from a table row.
This is the code I am trying to use:
$username = $_COOKIE['ID_my_site'];
$sql ="SELECT id FROM users WHERE username = ".$username."";
$query = mssql_query($sql, $conn);
$array = mssql_fetch_assoc($query);
$acc_id=stripslashes($array['id']);
var_dump ($sql);
echo '<script>
alert("'.$acc_id.'");
</script>';
When I use this though, the sql is correct, from what I see using var_dump. But the alert from JavaScript is blank.
How can I get the alert to display the data from the id column?
The id data should be 5.
Thank you for any help, all help is appreciated.
If you +1 my question I will +1 your answer.
I will +1 an answer if I choose it as best answer, regardless if you +1 my question or not!
Missing quotes in SQL query, try the following:
$sql ="SELECT id FROM users WHERE username = '".$username."'";
^ quotes ^
Related
I'm busy with a school project where I need to register users. I created the database and added the tables and can add users. What I just can't get right is to display the next available user id in the table.
I'm using php to retrieve the highest value but when I use echo the variable won't show. There is no error, there is no output at all, just the rest of the page.
Here is the code:
<?php
$db = mysqli_connect('localhost', 'root', '', 'design');
$query = "SELECT MAX(userid) AS userid FROM users" or
die(mysql_error());
$highest_id = mysqli_query($db, $query);
echo $highest_id;
?>
The code successfully connects to the database, the column is called userid, it contains int values and there are other columns as well.
All other code in the script runs perfectly, it's just this part that I can't get to work.
I have spent the last two days reading and searching for answers and I am at my wits' end. Any help would be appreciated.
Thank you.
could be your table is User and not Userid
$query = "SELECT MAX(userid) AS userid FROM users"
Anyway for fetching you should use eg:
$result = mysqli_query($db, $query);
$row=mysqli_fetch_array($result,MYSQLI_NUM);
echo $row[0];
The mysqli_query returns a general object that contains the results array. You have to use the mysqli_fetch_row.
<?php
$db = mysqli_connect('localhost', 'root', '', 'design');
$query = "SELECT MAX(userid) AS userid FROM userid";
// check the query call itself for errors, using the mysqli error function
$highest_id_query = mysqli_query($db, $query) or die(mysqli_error($db));
var_dump($highest_id_query); // so you could check the object attributes
//loop results from query
while($row=mysqli_fetch_row($highest_id_query)){
    // mysqli_fetch_row returns a numerically indexed array
    $highest_id = $row[0];
    echo $highest_id;
}
?>
You could also use the sql statement: SELECT COUNT(*) FROM userid
Be sure to name your tables correctly! SELECT COUNT(*) FROM users
I'm developing an app for android that uses a DB on a server.
I wrote some script php to create new rows in some tables and get all elements from a table (using JSON to exchange data between android and mysql).
Now I have a problem:
I need to select an id from a table and then use this to insert a row in another table that has this foreign key.
Well, when I try to select my id, I don't know why, but it looks like it doesn't work.
Here is a simple example of how I select this id:
//connect to DB...
$result = mysql_query (*SELECT id FROM 'table' WHERE name = $name );
$row = mysql_fetch_assoc($result);
$id = $row['id'];
When I use this to select an id, and put it in another query (always on the same connection), nothing is stored.
If I force the value manually, and so in the same second query I put the number of a pre-existing id, the insert works, so the problem is in this piece of code.
Hope someone could help me.
Thank you!
The code that you have put on the question, contains syntax errors.
- Remove * from the start of query
- put the query inside " "
- remove single quote ('table') from table name
Here is the modified code:
//connect to DB...
$result = mysql_query ("SELECT id FROM table WHERE name = $name" );
$row = mysql_fetch_assoc($result);
$id = $row['id'];
Also you should escape the parameter $name in query. And you should use mysqli or PDO instead of mysql extension.
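An added example, not part of the original answers: the lookup-then-insert flow from this question written with PDO prepared statements, as the answer above recommends. The in-memory SQLite database, the `owners` and `items` tables and the `addItemForOwner` function are assumptions made so the script runs on its own (it needs the pdo_sqlite extension).

```php
<?php
// Added example: in-memory SQLite stands in for the real server (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('PRAGMA foreign_keys = ON');
$pdo->exec('CREATE TABLE owners (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL)');
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY,
            owner_id INTEGER NOT NULL REFERENCES owners(id), label TEXT NOT NULL)');
// Constructed sample rows; one name contains a quote character.
$pdo->exec("INSERT INTO owners (name) VALUES ('alice'), ('O''Brien')");

/**
 * Look up the owner's id by name, then insert a child row that references it.
 * Returns the new item id, or null when no owner has that name.
 */
function addItemForOwner(PDO $pdo, string $name, string $label): ?int
{
    // The value travels separately from the SQL text, so quotes in $name
    // cannot end the string literal or change the statement.
    $select = $pdo->prepare('SELECT id FROM owners WHERE name = :name');
    $select->execute([':name' => $name]);
    $ownerId = $select->fetchColumn();
    if ($ownerId === false) {
        return null; // no match: do not attempt the insert with an empty id
    }

    $insert = $pdo->prepare('INSERT INTO items (owner_id, label) VALUES (:owner_id, :label)');
    $insert->execute([':owner_id' => (int) $ownerId, ':label' => $label]);
    return (int) $pdo->lastInsertId();
}

// A name with a quote, a name made only of SQL syntax, and a missing name.
var_dump(addItemForOwner($pdo, "O'Brien", 'first item'));
var_dump(addItemForOwner($pdo, "x' OR '1'='1", 'ignored')); // stays a literal value
var_dump(addItemForOwner($pdo, 'nobody', 'ignored'));
```

Checking for the "no row" case before the second query also surfaces the failure the question describes, where an empty id silently breaks the insert.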
try this:
$result = mysql_query ("SELECT id FROM table WHERE name = $name" );
// fetch inside the loop condition so the loop ends when the rows run out
while($row = mysql_fetch_assoc($result)){
    $id = $row['id'];
}
OK, so I'm trying to access a table called emg_quote. I have the Quote ID, so I'm trying to get the column Subject from the same row as this ID, but for some reason all I'm getting is the first row in the entire table. Can anyone figure out what I'm doing wrong? Here is my code:
$row['quote_id'] = quoteTitle($row['quote_id']);
function quoteTitle($quoteid){
global $db;
$sql = "SELECT subject FROM emg_quote WHERE ".$quoteid."";
$res = $db->query($sql);
$row = $db->fetch_row();
$output = $row['subject'];
return $output;
}
Are you using a custom object to wrap the native API's?
Either way it doesn't look right to me. You don't seem to be using the result of the query.
i.e.
$result = $mysqli->query($query);
$row = $result->fetch_row();
You have a few bad practices in your code.
A. You rely on $quoteid to give you the correct where syntax. ie: ID=123
This is a highly unsafe method, because the user can change it to Some-Important-Details='bla'
To extract more details from this table or others.
B. You should ALWAYS escape characters when receiving data from the user, otherwise you are easily subjected to SQL injections. And believe me you don't want it.
You have to use the check after WHERE.
Use your column name before your $quoteid variable.
$row['quote_id'] = quoteTitle($row['quote_id']);
function quoteTitle($quoteid){
global $db;
$sql = "SELECT subject FROM emg_quote WHERE quoteid=".$quoteid." LIMIT 1 ";
$res = $db->query($sql);
$row = $db->fetch_row();
$output = $row['subject'];
return $output;
}
Remember: use LIMIT 1 when you search with a primary key and you know that only 1 record will be searched. It reduces your processing time.
You might be missing the where column.
$sql = "SELECT subject FROM emg_quote WHERE quote_id=".$quoteid."";
^^^^^^^^
We also do not see whether something with your Db class is wrong.
You should in any case not directly put request variables into a database query.
$sql = "SELECT subject FROM emg_quote WHERE ID='".$quoteid."'";
You had not written your db field name in the WHERE condition.
Hi I'm trying to create a shopping cart for a college assignment, I'm trying to load a table from the contents of a variable but regardless of what I do it won't recognise its contents.
Here the code snippet
$sql = sprintf("SELECT name, description, price FROM %s WHERE id = %d;",$table, $product_id);
$result = mysql_query($sql);
The table variable's contents are being missed out, so it's looking for a nameless table. I've searched Google and found a couple of examples but are working for me.
Does anyone have any ideas?
Thanks Scott.
Try this, it should recognize your variable:
$sql = sprintf("SELECT name, description, price FROM " .$table. " WHERE id = %d", $product_id);
$result = mysql_query($sql);
mysql_query takes 2 parameters, one is your query and the other is the connection to your database, so you need to do the following:
$result = mysql_query($sql,your connection variable);
Try taking off the semicolon after WHERE id = %d
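An added example, not from the original posts: when the table name comes from a variable, as in the `sprintf` call in this question, it cannot be bound as a parameter, so it is checked against a fixed list while the id is bound. The `books` and `games` tables, the `PRODUCT_TABLES` map, the `loadProduct` function and the in-memory SQLite database are assumptions for illustration.

```php
<?php
// Added example: in-memory SQLite with constructed tables (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach (['books', 'games'] as $t) {
    $pdo->exec("CREATE TABLE $t (id INTEGER PRIMARY KEY, name TEXT, description TEXT, price REAL)");
}
$pdo->exec("INSERT INTO books (name, description, price) VALUES ('Sample book', 'constructed row', 9.99)");

// Hypothetical mapping from the category named in the request to a real table.
const PRODUCT_TABLES = ['books' => 'books', 'games' => 'games'];

function loadProduct(PDO $pdo, string $category, $productId): ?array
{
    // Only a name taken from the fixed map ever reaches the SQL text; an
    // empty or unknown value fails here instead of producing "FROM  WHERE".
    if (!array_key_exists($category, PRODUCT_TABLES)) {
        throw new InvalidArgumentException('Unknown product category');
    }
    $table = PRODUCT_TABLES[$category];

    // The id is validated as an integer and then bound as a parameter.
    $id = filter_var($productId, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('Product id must be an integer');
    }

    $stmt = $pdo->prepare("SELECT name, description, price FROM $table WHERE id = :id");
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

print_r(loadProduct($pdo, 'books', '1'));
try {
    loadProduct($pdo, '', 1); // the empty table variable from the question
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```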
Hey, I am new to PHP and I am trying to enter details into my database. I am trying to enter an eventname, which the user enters (POST), and the username of the logged-in user.
I have created sessions to store users' usernames. The code I have is
$eventname=$_POST['eventname'];
$myusername = $_SESSION['myusername']
$sql = mysql_query("INSERT INTO $tbl_nameVALUES('','$eventname','$_SESSION['myusername'])");
echo "You have been added to the event";
It's the $sql statement which is giving the error? Any help would be much appreciated.
Thanks all!
There are several potential problems here.
First, you have not escaped eventname against SQL injection. We assume hopefully that myusername is already safe. If it has not been previously filtered, also use mysql_real_escape_string() on $_SESSION['myusername'].
$eventname = mysql_real_escape_string($_POST['eventname']);
// Then you need space before VALUES and are missing a closing quote on $_SESSION['myusername'], which should be in {}
$sql = mysql_query("INSERT INTO $tbl_name VALUES('','$eventname','{$_SESSION['myusername']}')");
Finally, in order for the statement to work, it assumes you have exactly three columns in $tbl_name. You should be explicit about the columns used. Substitute the correct column names for colname1, event_name, username.
$sql = mysql_query("INSERT INTO $tbl_name (colname1, event_name, username) VALUES('','$eventname','{$_SESSION['myusername']}')");
The exact locations of SQL syntax errors will be revealed to you with some basic error checking via mysql_error().
$sql = mysql_query(<your insert statement>);
if (!$sql) {
echo mysql_error();
}
You're missing a ' on your insert statement. Try this
INSERT INTO $tbl_name VALUES('','$eventname','$_SESSION['myusername']')
Hope it helps you...
$eventname=$_POST['eventname'];
$myusername = $_SESSION['myusername'];
$sql = mysql_query("INSERT INTO tbl_name VALUES('','$eventname','".$_SESSION['myusername']."')");
echo "You have been added to the event";
You need a space between $tbl_name and VALUES, and indeed a ' after $_SESSION['myusername'].
And look up SQL injection.
Remove the single quotes around the key in your $_SESSION array:
$sql = mysql_query("INSERT INTO $tbl_name VALUES('', '$eventname', '$_SESSION[myusername]')");