I am a beginner and try to have a very simple messaging system.
every thing is managed via the ID's of the users..
So if someone types the username of a person i have to convert it into the person's id:
$res_name = $_POST["res_name"];
$res_id = userToId($res_name);
This function looks like this:
function userToId($username) {
$data = array();
$func_get_args = func_get_args();
if($func_num_args = 1)
{
$res = mysql_query("SELECT id FROM `z_network_users` WHERE `username` = `$username`") or die(mysql_error());
$data = mysql_fetch_assoc($res);
}
return $data['id'];
}
it doesn't work, in fact it can't find a username even if it's existing..
the error is for example:
Unknown column 'testperson' in 'where clause'
the user exists, hope you can help me :)
ps: I know I shouldn't use mysql_* but i haven' learned the better version.. ;)
You should not use around yourvalue` I think.
When using backticks around your variable then it will be considered as column
thats why you got that error Unknown column 'testperson' in 'where clause'
you should use this (you should escape your variable to prevent sql injection)
$username = mysql_real_escape_string($username);
$res = mysql_query("SELECT id FROM `z_network_users`
WHERE `username` = '$username' ") or die(mysql_error());
or this
$username = mysql_real_escape_string($username);
$res = mysql_query("SELECT id FROM `z_network_users`
WHERE `username` = '".$username."' ") or die(mysql_error());
try that function:
function userToId($username) {
$func_get_args = func_get_args();
$username = mysql_real_escape_string($username);
if($func_num_args == 1)
{
$res = mysql_query("SELECT id FROM `z_network_users` WHERE `username` = '$username' ") or die(mysql_error());
$row = mysql_fetch_assoc($res);
}
return $row['id'];
}
"SELECT id FROM `z_network_users` WHERE `username` = '$username'"
this will fix your query BUT mysql_* functions are deprecated, so you should avoid using them. Try mysqli or PDO instead.
You should not be backticking the entries
$res = mysql_query("SELECT id FROM `z_network_users` WHERE `username` = '$username'") or die(mysql_error());
You only quote column names with backticks.
WHERE `username` = `$username`
This makes $username into a column name. You want a string instead:
WHERE `username` = '$username'
Also definitely see The Great Escapism (Or: What You Need To Know To Work With Text Within Text).
you have not any column but
WHERE `username` = `$username`"
but $username understanding as a column so remove `` from $username and put single quote to it like '$username'
I think your query return more then 1. you need to use mysql_num_rows() to get one record. Thats why it doesn't work.
Related
I'm trying to retrieve the email field from my database using the id associated with it:
$query2 = mysql_query("SELECT email FROM `users` WHERE `id` = '".$userID."' ") or die(mysql_error());
This query is always returning NULL and I can't work out why.
Have tested using a var_dump that $userID is indeed correct.
But when I use it with the hardcoded value instead of $userID it works fine:
$query2 = mysql_query("SELECT email FROM `users` WHERE `id` = '85' ") or die(mysql_error());
Why isn't the $userID variable being passed to my query? Is there a way to pass this correctly?
Edit:
Declaration of $userID as requested. var_dump of this variable works OK the line before the query2.
// Fetch ID for matching details
$query = mysql_query("SELECT id FROM `users` WHERE `email` = '".$emailInput."' && `username` = '".$usernameInput."' ") or die(mysql_error());
// Successful query - ID stored
if(mysql_num_rows($query) > 0){
$userID = mysql_fetch_array($query);}
var_dump($userID);
Both var_dumps output the following on the page:
array(2) { [0]=> string(2) "85" ["id"]=> string(2) "85" } NULL
Id say the the fact that $userID is an array is your problem... Do $userID['id'] instead in the query.
$query2 = mysql_query("SELECT email FROM `users` WHERE `id` = '" . $userID['id'] . "' ") or die(mysql_error());
Its probably a concatenation problem , if the $userid is string its should be fine , but if its an integer or double..etc it will be dealt with as a string
if its an integer try :
$query2 = mysql_query("SELECT email FROM `users` WHERE `id` = ".$userID) or die(mysql_error());
or
$query2 = mysql_query("SELECT email FROM `users` WHERE `id` = ".$userID['0']) or die(mysql_error());
so, the problem is that your $userID is not 85 or a simple number but it's an array and you are still trying to concatenate it in the query.
The problem is somewhere else in your code, probably where you set $userID
Here goes the solution:
$sql = mysql_query("SELECT email FROM `users` WHERE `id` = " . $userID['id']) or die(mysql_error());
try removing either double quotes or single quotes. because id is usually of data type int you are using twice which makes it a string value..
also PHP is quite smart in recognizing variables and data types so u can use "$userID" or "{$userID}" without concatination..
Try this ....
$query2 = mysql_query("SELECT email FROM `users` WHERE `id` = $userID ") or die(mysql_error());
<?php
session_start();
$username = "root";
$password = "password";
$database = "meipolytechnic";
mysql_connect('localhost', $username,$password);
#mysql_select_db($database) or die(mysql_error());
$username=$_SESSION['MM_Username'];
$query = "SELECT rollno FROM users where username = '".$username."'";
$result = mysql_query($query) or die(mysql_error());
$num = mysql_num_rows($result);
mysql_close();
$rows = array();
while($r = mysql_fetch_row($result))
{
$rows[] = $r[0];
}
echo ($rows['rollno']);
?>
i want to retrieve only the logged in users roll no from users table in database
when i run this code
and log in as foo
i get the following stuff
Unknown column 'foo' in 'where clause'
There should be session_start() at the top of the page
query need to change as
$query = "SELECT rollno FROM users where username = '".$_SESSION['MM_Username']."' ";
EDIT
Please try something before posting a question here. Please google or go through www.w3school.com for clearing this kind of issues. Make a good knowledge about arrays and mysql connection. And mysql_query function won't work latest PHP version.
Please try following code.
$result = mysql_query($query) or die(mysql_error());
$rows = array();
while($r = mysql_fetch_row($result))
{
$rows[] = $r[0];
}
print_r($rows);
To use an array inside a string you need to put a curly bracket before it and after it
so
$query = "SELECT rollno FROM users where username = {$_SESSION['MM_Username']}";
or
$query = "SELECT rollno FROM users where username = ".$_SESSION['MM_Username'];
First of all start session using start_session()
then change your query:
$query = "SELECT rollno FROM users where username = ".$_SESSION['MM_Username'];
then change:
$num = mysql_num_rows($result); instead of $num = mysql_numrows($result);
Try this query
$query = "SELECT rollno FROM users where username = ".$_SESSION[MM_Username]." ";
And start session on same page.
You can use
$username=$_SESSION[MM_Username];
$query = "SELECT rollno FROM users where username = '".$username."'";
and start the session by using session_start()
and you have used two closing tags omit one make it like below
echo ($rows['rollno']);
?>
This type of error occur when query goes false
May be becouse You have not start session, becouse if you dont have session_start(), then nothing will come in session variable... just try as
$query = "SELECT rollno FROM users where username = '".$_SESSION[MM_Username]."'";
may this help you
You must need to use session_start() before using $_SESSION variable in code.
So put below code at start,
session_start();
Then do some modification in query like,
$query = "SELECT rollno FROM users where username = '".$_SESSION['MM_Username']."'";
first start your session
session_start();
and Change your query like this...
$query = "SELECT rollno FROM users where username = '".$_SESSION['MM_Username']."'";
all im try do do is add variables that are within mysql.
I thought this would be simple but not proving to be and im not really getting anywhere.
Is it even possible to add values from mysql?
I'm sure it probably something simple, as always, any guidance is appreciated.
Thanks
$query = mysql_query("SELECT * FROM users WHERE ID ='$userid'");
$numrows = mysql_num_rows($query);
if($numrows ==1){
$row = mysql_fetch_assoc($query);
$id = $row['uid'];
$name = $row['name'];
$angles = $row['angles'];
$decimals = $row['decimals'];
$multiplication = $row['multiplication'];
$probability = $row['probability'];
$sequences = $row['sequences'];
$symmetry = $row['symmetry'];
}
$sum = $sequences + $symmetry;
print ("$sum");
Solved the issue. the query should read ....WHERE uid ='$userid'");!
You could also do the calculation by the database by a query like this:
SELECT uid, name, angles, (sequences + symmetry) AS mysum FROM users WHERE ID ='$userid'
So I'm trying to fetch data in a many-to-many relationship.
So far I have this, which finds the user:
$user = $_SESSION['user'];
$userID = mysql_query("SELECT * FROM users WHERE user='$user'") or die(mysql_error());
And I know that to echo this information I have to put it in an array like so:
while ($r = mysql_fetch_array($userID)) {
echo $r["0"];
}
This works fine, but when I try to find this variable in another table, I'm not sure what to use as the variable:
$projects = mysql_query("SELECT projects_ID FROM projects_users WHERE users_ID='???'") or die(mysql_error());
I've tried replacing ??? with $userID and $r, but to no avail. I know the code works because it's fine when I put a user ID in manually - where have I gone wrong?
$user = $_SESSION['user'];
$query = mysql_query("SELECT * FROM users WHERE user='".mysql_real_escape_string($user)."' LIMIT 1") or die(mysql_error()); //--note the LIMIT
$result = mysql_fetch_array($query);
$userID = $result[0];
$projects = mysql_query("SELECT projects_ID FROM projects_users WHERE users_ID='$userID'") or die(mysql_error());
Untested, but this should work:
$user = mysql_real_escape_string($_SESSION['user']);
$query = mysql_query("SELECT * FROM users WHERE user='$user'") or die(mysql_error());
$result = mysql_fetch_array($query);
$userID = $result[0];
$projects = mysql_query("SELECT projects_ID FROM projects_users
WHERE users_ID='$userID'") or die(mysql_error());
I your case, you'd need to place $r[0] there.
I think this code is helpful for beginners when you want to get data in array form
we use mysqli instead of mysql to protecting your data from SQL injection.
Before use this code check the database connection first
<?php $tableName='abc';
$qry="select * from $tableName";
$results=mysqli_query($qry);
while($records=mysqli_fetch_array($results))
{
$firstrecord=$records[1];
$secondrecord=$records[2];
}
?>
You can get your projects with one query:
$user = mysql_real_escape_string($_SESSION['user']);
$query = mysql_query("SELECT pu.projects_ID FROM users u
INNER JOIN projects_users pu ON (pu.users_ID = u.users_id)
WHERE u.user='$user'") or die(mysql_error());
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)) {
echo $row['projects_ID'];
}
I am using a MySQL table called "login" that includes fields called "username" and "subcheckr."
I would like to run a PHP query to create a new variable equal to "subcheckr" in the table where "username" equals a variable called $u. Let's say I want to call the variable "$variable."
How can I do this? The query below is what I have so far.
Thanks in advance,
John
$sqlStremail = "SELECT subcheckr
FROM login
WHERE username = '$u'";
I don't know if I understood correctly but if:
Just do something like this.
$sqlStremail = "SELECT subcheckr
FROM login
WHERE username = '$u'";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);
$variable = $row["subcheckr"];
In case you don't know, your query is vulnerable for SQL injections. Use something like mysql_real_escape() to filter your $u variable.
Is this what youa re looking for?
$result = mysql_query($sqlStremail);
$row = mysql_fetch_assoc($result);
$subcheckr = $row['subcheckr'];
$sqlStremail = mysql_query("SELECT subcheckr FROM login WHERE username = '$u'");
$result= mysql_fetch_array($sqlStremail);
$some_variable = $result['subcheckr']; // the value you want
You can do:
// make sure you use mysql_real_escape to escape your username.
$sqlStremail = "SELECT subcheckr FROM login WHERE username = '".mysql_real_escape($u)."'";
// run the query.
$result = mysql_query($sqlStremail );
// See if the query ran. If not print the cause of err and exit.
if (!$result) {
die 'Could not run query: ' . mysql_error();
}
// if query ran fine..fetch the result row.
$row = mysql_fetch_row($result);
// extract the field you want.
$subcheckr = $row['subcheckr'];
You can write
$sqlStremail = "SELECT subcheckr FROM login WHERE username = '".mysql_real_escape($u)."'";
$result = mysql_query($sqlStremail );
if (!$result) {
die 'Could not run query: ' . mysql_error();
}
$row = mysql_fetch_row($result);
$subcheckr = $row['subcheckr'];
$variable = array_pop(mysql_fetch_row(mysql_query("SELECT subcheckr FROM login WHERE username = '$u'")));
Only if username is unique