That one always returns a false bool:
<?php
function check($username, $db_conx) {
$sql = 'SELECT User_ID FROM tbl_user WHERE Username=?';
$stmt = $db_conx->prepare($sql);
$stmt->bind_param('s', $username);
$stmt->execute();
$ret= $stmt->get_result();
$stmt->close();
$db_conx->close();
$ret = $ret->fetch_row();
return $ret;
}
$usr = "root";
$res = check($u,$db_conx);
echo var_dump($res);
echo $a[0];
?>
I don't get it, they are pretty equal - so what's the error?
That one returns what I expected:
<?php
$usr = 'root';
$sql = "SELECT User_ID FROM tbl_user WHERE Username=?";
$stmt = $db_conx->prepare($sql);
$stmt->bind_param('s', $usr);
$stmt->execute();
$ret = $stmt->get_result();
$stmt->close();
$db_conx->close();
$ret = $ret->fetch_row();
echo var_dump($ret);
echo $ret[0];
?>
I want to recycle it over and over again with the function, but it doesn't seem to work. Is it even possible to set & execute the parameters in a function or have I just made a stupid mistake?
Related
Hello, I am trying to make php code that executes multiple sql queries as long as a certain database value equals 1. If that value does not equal one, then redirect the page to oops.php.
Here is my code so far:
<?php
session_start();
$servername = "localhost";
$username = "myUser";
$password = "myPass";
$dbname = "cashball_accounts";
$cash_amount = $_SESSION['cash_amount'];
// Create connection
$userid = $_SESSION['id'];
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Fetch the existing value of the cash_amount against that particular user here. You can use the SELECT cash_amount from users where userid = $userid
$_SESSION['cash_amount'] += $_POST['cashmade'];
$sql = "UPDATE users SET cashincheck = 0 WHERE id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param('s', $userid);
$result = $stmt->execute();
if($result)
{
echo "cashin complete!";
}
else
{
echo mysqli_error($conn);
session_start();
session_unset();
session_destroy();
}
$conn->close();
?>
So I want everything from the //Fetch comment to the if($result) to execute if the variable "cashincheck" is equal to 1 in the database.
For example:
if(SELECT cashincheck FROM users WHERE id = ? = 1) {
$_SESSION['cash_amount'] += $_POST['cashmade'];
$sql = "UPDATE users SET cashincheck = 0 WHERE id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param('s', $userid);
$result = $stmt->execute();
} else {
//redirect to oops.php
}
**/\ I know this won't work at all it's just an example /**
I also want to make several other if statements and update the database accordingly, meaning more sql queries and if statements will be needed, so how would I add more?
Another example for a separate if statement:
if($_POST['cashmade'] < $_POST['type']) {
// Bind the posted amount instead of interpolating it into the SQL string
$sql = "UPDATE users SET moneymade = moneymade + ? WHERE id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param('ds', $_POST['cashmade'], $userid);
$result = $stmt->execute();
} else {
$sql = "UPDATE users SET moneylost = moneylost + ? - ? WHERE id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param('dds', $_POST['type'], $_POST['cashmade'], $userid);
$result = $stmt->execute();
}
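One way to make the `cashincheck` test and the updates a single guarded step, as an added example that is not part of the original post. It uses PDO with an in-memory SQLite table in place of the asker's mysqli/MySQL connection so that it runs without a server; the function name `cashIn`, the table definition and the sample row are assumptions.

```php
<?php
// Added example: PDO with an in-memory SQLite table standing in for the
// asker's MySQL `users` table (column names taken from the question).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, cashincheck INTEGER,
           moneymade REAL DEFAULT 0, moneylost REAL DEFAULT 0)');
$db->exec('INSERT INTO users (id, cashincheck) VALUES (7, 1)'); // constructed row

/**
 * Claims the cash-in flag and books the result in one transaction.
 * Returns false when cashincheck was not 1 (the caller redirects to oops.php).
 */
function cashIn(PDO $db, int $userId, $cashMade, $type): bool
{
    // Request values are untrusted: accept only non-negative numbers.
    if (!is_numeric($cashMade) || !is_numeric($type) || $cashMade < 0 || $type < 0) {
        return false;
    }
    $db->beginTransaction();
    // The check and the reset are one statement, so two concurrent
    // requests cannot both see cashincheck = 1.
    $claim = $db->prepare('UPDATE users SET cashincheck = 0 WHERE id = ? AND cashincheck = 1');
    $claim->execute([$userId]);
    if ($claim->rowCount() !== 1) {
        $db->rollBack();
        return false;
    }
    if ($cashMade < $type) {
        $book = $db->prepare('UPDATE users SET moneymade = moneymade + ? WHERE id = ?');
        $book->execute([(float) $cashMade, $userId]);
    } else {
        $book = $db->prepare('UPDATE users SET moneylost = moneylost + ? WHERE id = ?');
        $book->execute([(float) $type - (float) $cashMade, $userId]);
    }
    $db->commit();
    return true;
}

var_dump(cashIn($db, 7, '5', '20'));  // first request claims the flag
var_dump(cashIn($db, 7, '5', '20'));  // repeated request is refused
```

Further conditional updates go inside the same transaction, after the claim has succeeded, each with its own prepared statement.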
According to the title, how can I accomplish it? One of the functions, which checks for IP addresses that are already stored in the db, should kill the specific check function without affecting others. I used to use exit() and die() but it stops all functions.
main.php:
function CheckIfUserIpExist() {
$connection = DBconnect();
$user_ip = $_SERVER["REMOTE_ADDR"];
$sql = "SELECT * FROM views WHERE user_ip = ?";
$stmt = $connection->prepare($sql);
$stmt->bind_param("s", $user_ip);
$stmt->execute();
$stmt->store_result();
$users_ip = $stmt->num_rows;
if($users_ip > 0) {
die();
}
}
function AddUserWhenPageIsViewed() {
$connection = DBconnect();
$user_ip = $_SERVER["REMOTE_ADDR"];
$time_ = date('Y-m-d G:i:s');
$sql = "INSERT INTO views (user_ip, time_) VALUES (?,?)";
$stmt = $connection->prepare($sql);
$stmt->bind_param("ss", $user_ip, $time_);
$stmt->execute();
}
Index.php
CheckIfUserIpExist();
AddUserWhenPageIsViewed();
Regards.
return is what you need
function CheckIfUserIpExist() {
$connection = DBconnect();
$user_ip = $_SERVER["REMOTE_ADDR"];
$sql = "SELECT * FROM views WHERE user_ip = ?";
$stmt = $connection->prepare($sql);
$stmt->bind_param("s", $user_ip);
$stmt->execute();
$stmt->store_result();
$users_ip = $stmt->num_rows;
if($users_ip > 0) {
return;
}
}
function AddUserWhenPageIsViewed() {
$connection = DBconnect();
$user_ip = $_SERVER["REMOTE_ADDR"];
$time_ = date('Y-m-d G:i:s');
$sql = "INSERT INTO views (user_ip, time_) VALUES (?,?)";
$stmt = $connection->prepare($sql);
$stmt->bind_param("ss", $user_ip, $time_);
$stmt->execute();
}
It would be better to return a status from your Check function
function CheckIfUserIpExist() {
$connection = DBconnect();
$user_ip = $_SERVER["REMOTE_ADDR"];
$sql = "SELECT * FROM views WHERE user_ip = ?";
$stmt = $connection->prepare($sql);
$stmt->bind_param("s", $user_ip);
$stmt->execute();
$stmt->store_result();
$users_ip = $stmt->num_rows;
if($users_ip > 0) {
return true; // the IP is already stored
}
return false; // the IP has not been seen before
}
function AddUserWhenPageIsViewed() {
$connection = DBconnect();
$user_ip = $_SERVER["REMOTE_ADDR"];
$time_ = date('Y-m-d G:i:s');
$sql = "INSERT INTO views (user_ip, time_) VALUES (?,?)";
$stmt = $connection->prepare($sql);
$stmt->bind_param("ss", $user_ip, $time_);
$stmt->execute();
}
Then when you call the test function you know what to do next. If you get true the user exists so don't call the Add function; if you get false, the user did not exist, so create one.
if ( ! CheckIfUserIpExist() ) {
AddUserWhenPageIsViewed();
}
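The check-then-add sequence above can also be enforced by the database itself, so that two simultaneous requests from one address cannot both insert. This is an added example, not code from the answers: it uses PDO with an in-memory SQLite table in place of the `views` table, and the UNIQUE constraint and the name `recordViewOnce` are assumptions.

```php
<?php
// Added example: PDO with in-memory SQLite standing in for the MySQL
// `views` table from the question; the UNIQUE constraint is an assumption.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE views (user_ip VARCHAR(45) NOT NULL UNIQUE, time_ DATETIME NOT NULL)');

/**
 * Records a view for $ip. Returns true when a row was inserted and false
 * when the address was already stored; other database errors propagate.
 */
function recordViewOnce(PDO $db, string $ip): bool
{
    // Reject anything that is not a syntactically valid IPv4/IPv6 address.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('not an IP address');
    }
    $stmt = $db->prepare('INSERT INTO views (user_ip, time_) VALUES (?, ?)');
    try {
        $stmt->execute([$ip, date('Y-m-d H:i:s')]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation (duplicate key).
        if (strpos((string) $e->getCode(), '23') === 0) {
            return false;
        }
        throw $e;
    }
}

var_dump(recordViewOnce($db, '203.0.113.9')); // constructed address, first view
var_dump(recordViewOnce($db, '203.0.113.9')); // same address again
```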
There's a bit of a problem with a mysqli select statement: I did a select statement which counts the number of results, but it does not return the value I want; instead it returns none. Need help guys. I did this select statement as a function using mysqli and PHP.
function count_result($data){
global $con;
$sql = "SELECT count(user_id) as userssss from credentials where user_id = '$data'";
$result = mysqli_query($con,$sql) or die('userssss');
echo "string</br>";
$row = mysqli_fetch_assoc($result,MYSQLI_ASSOC);
echo $row['userssss']."asdasd</br>";
die("userssss");
$return = $row['user'];
return $return;
}
result
string
asdasd
userssss
It should show the result before asdasd
add global $con;
function count_result($data){
global $con;
$sql = "SELECT count(user_id) as user from credentials where user_id = '$data'";
$result = mysqli_query($con,$sql);
$row = mysqli_fetch_assoc($result); // mysqli_fetch_assoc() takes only the result
echo $row['user']."asdasd";
die();
$return = $row['user'];
return $return;
}
I found it. Silly of me.
Instead of using assoc, one must use array
function count_result($data){
global $con;
$sql = "SELECT count(user_id) as userssss from credentials where user_id = '$data'";
$result = mysqli_query($con,$sql) or die('userssss');
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$return = $row['userssss']; // the key must match the alias used in the query
return $return;
}
You need to count everything, meaning the rows matched by the where clause. Also try to adopt prepared statements. The code below works.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
function count_result($data){
$user = 'username';
$password = 'password';
$db = 'database';
$host = 'hostname';
$port = 3306;
/* Attempt MySQL server connection. Assuming you are running MySQL server */
$link = mysqli_connect($host, $user, $password, $db);
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
if($stmt = $link -> prepare("SELECT COUNT(*) FROM test WHERE ID= ?"))
{
/* Bind parameters, s - string, b - blob, i - int, etc */
$stmt -> bind_param("i", $data);
$stmt -> execute();
/* Bind results */
$stmt -> bind_result($testfield1);
/* Fetch the value */
$stmt -> fetch();
$numberofrows = $stmt->num_rows;
/* Close statement (only valid when prepare() succeeded) */
$stmt -> close();
echo '# rows: '. $numberofrows . PHP_EOL;
echo 'Count = '. $testfield1 ;
} else{
echo "ERROR: Could not prepare SQL. " . mysqli_error($link);
}
}
count_result(24);
?>
A silly mistake in your code :
function count_result($data){
global $con;
$sql = "SELECT count(user_id) as user from credentials where user_id = '$data'"; // alias matches the key read below
$result = mysqli_query($con,$sql) or die('userssss');
echo "string</br>";
$row = mysqli_fetch_assoc($result); // mysqli_fetch_assoc() takes only the result
echo $row['user']."asdasd</br>"; // did changes on this line
die("userssss");
$return = $row['user'];
return $return;
}
I just want to know if this is possible: establishing a connection without using the Doctrine setup.
private function userExist($username){
$con = Doctrine_Manager::getInstance()->getConnection('doctrine');
$sql = 'SELECT username FROM tbl_user WHERE username = ?';
$stmt = $con->prepare($sql);
// Pass the value as a bound parameter instead of concatenating it into the SQL
$stmt->execute(array($username));
//$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
$result = $stmt->fetchAll();
if(!empty($result)){
return true;
}else{
return false;
}
}
to
private function userExist($username){
$con = new PDO('pgsql:host=xx.xxx.xxx;dbname=support_tool','xx','xxx');
$sql = 'SELECT username FROM tbl_user WHERE username = ?';
$stmt = $con->prepare($sql);
// Pass the value as a bound parameter instead of concatenating it into the SQL
$stmt->execute(array($username));
//$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
$result = $stmt->fetchAll();
if(!empty($result)){
return true;
}else{
return false;
}
}
I just want to test it if it is possible. If not, please tell me why. Thanks for the help.
I am in the process of making my MySQL queries prepared in an attempt to increase security, however I have a problem when I attempt to fetch the results of a prepared statement. I have researched for the cause of the error, however many of the examples use complex code and I do not know how to apply the solution to my code.
The error
mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in
My code
$query = "SELECT cid, user1, user2 FROM convotable
WHERE user1 = ? OR user2 = ? ORDER BY createtime ASC";
$stmt = mysqli_prepare($dbc, $query);
if ($stmt) {
mysqli_stmt_bind_param($stmt, "ii", $user1, $user2);
mysqli_stmt_execute($stmt);
while($row = mysqli_fetch_array($stmt)){
$cid = $row['cid'];
$user1 = $row['user1'];
$user2 = $row['user2'];
}
}
Try this way and set variable that you bind in mysqli_stmt_bind_param()
$query = "SELECT cid, user1, user2 FROM convotable
WHERE user1 = ? OR user2 = ? ORDER BY createtime ASC";
$stmt = mysqli_prepare($dbc, $query);
if ($stmt)
{
mysqli_stmt_bind_param($stmt, "ii", $user1, $user2);
$user1=1; //set variable
$user2=2; //set variable
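mysqli_stmt_execute($stmt);
// mysqli_fetch_array() needs a mysqli_result, not the statement itself
$result = mysqli_stmt_get_result($stmt);
while($row = mysqli_fetch_array($result))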
{
$cid = $row['cid'];
$user1 = $row['user1'];
$user2 = $row['user2'];
}
}
See for more: http://php.net/manual/en/mysqli-stmt.execute.php
It may not be what you need, but I find using PDO (alternative to mysqli) a lot more easy and clear:
<?php
$dsn = 'mysql:host=localhost;dbname=DBNAME;charset=utf8';
$user = 'user';
$pass = 'pass';
$db = new PDO($dsn, $user, $pass);
$user1 = '123';
$user2 = '234';
$query = "SELECT cid, user1, user2 FROM convotable
WHERE user1 = ? OR user2 = ? ORDER BY createtime ASC";
$stmt = $db->prepare($query);
$stmt->bindParam(1, $user1, PDO::PARAM_INT);
$stmt->bindParam(2, $user2, PDO::PARAM_INT);
if (!$stmt->execute()) {
echo 'something went wrong';
die;
}
print_r($stmt->fetchAll());