Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 9 years ago.
Improve this question
I'm trying to extract this data into a while loop and its literally returning nothing at all, any ideas whats wrong?
Code:
<?php
if(isset($_GET['id'])){
require('include/db.php');
require('include/init.php');
if(isset($_GET['id']) && is_numeric($_GET['id'])){
$userid = $odb->real_escape_string($_GET['id']);
$result3 = $odb->prepare("SELECT * FROM users where ID = :id");
$result3->bindValue(":id", $userid);
$result3->execute();
while($row3 = $result3->fetch_array(MYSQLI_ASSOC)){
$username=$row['username'];
$email=$row['email'];
$rank=$row['rank'];
$membership=$row['membership'];
$expire=$row['expire'];
$status=$row['status'];
echo "
Username: ".$username."<br />
Email: ".$email."<br />
Rank: ".$rank."<br />
Membership: ".$membership."<br />
Expire: ".$expire."<br />
Status: ".$status."<br />
";
}
} else {
echo "You did not enter an ID!";
}
?>
If you need any information let me know!
Since you are using PDO, some functions have to be updated. Instead of mysql_escape_string(), you can just prepare and bind the value and PDO will escape everything. Also fetch_array() should be fetch() and MYSQLI_ASSOC should be PDO::FETCH_ASSOC.
<?php
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
if($id) {
require('include/db.php');
require('include/init.php');
// Prepare && Binding will take care of escaping the string
$result = $odb->prepare("SELECT * FROM users where ID = :id");
$result->bindValue(":id", $id);
$result->execute();
while($row = $result->fetch(PDO::FETCH_ASSOC)) {
$username = $row['username'];
$email = $row['email'];
$rank = $row['rank'];
$membership = $row['membership'];
$expire = $row['expire'];
$status = $row['status'];
echo "
Username: ".$username."<br />
Email: ".$email."<br />
Rank: ".$rank."<br />
Membership: ".$membership."<br />
Expire: ".$expire."<br />
Status: ".$status."<br />
";
}
} else {
echo "You did not enter an ID!";
}
?>
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 4 years ago.
Improve this question
I am trying to save multidimensional array in database using json_encode. if i echo json string its showing right output but in database string is changed after insert.
here is my code:
$email=$_POST['email'];
$watchlist=$_POST['watchlist'];
$watchshow=$_POST['watchshow'];
$yearshow=$_POST['yearshow'];
$quer = "SELECT email FROM users WHERE email = '$email'";
$q = mysqli_query($conn, $quer);
$count=0;
while($row = mysqli_fetch_array($q)){
$email = $row['email'];
$count++;
}
if($count==1) //if user already exist change greeting text to "Welcome Back"
{
$quer = "SELECT watchlist FROM users WHERE email = '$email'";
$q = mysqli_query($conn, $quer);
while($row = mysqli_fetch_array($q)){
$watch = $row['watchlist'];
}
$data = json_decode($watch, TRUE);
array_push($data,$watchlist);
$add=array();
array_push($add,$watchshow);
array_push($add,$yearshow);
$data[] = $add;
$t = json_encode($data , JSON_FORCE_OBJECT);
$sql = "update users set watchlist='$t' WHERE email='$email'";
if ($conn->query($sql) === TRUE) {
echo'updated';
} else {
echo'error';
}
}
else {
$new=array();
array_push($new,$watchlist);
$add=array();
array_push($add,$watchshow);
array_push($add,$yearshow);
$new[] = $add;
$name = json_encode($new);
$sql1 = "INSERT INTO users (email,watchlist)
VALUES ('$email','$name')";
if ($conn->query($sql1) === TRUE) {
echo 'success';
} else {
echo "Error: " . $sql1 . "<br>" . $conn->error;
}
}
if i echo $name output is
{"0":{"0":"Stranger Things","1":2017}}
but after insert it's showing this in database
{"0":"Stranger Things","1":{"0":"Stranger Things","1":"2017"}}
what i am doing wrong here?
You placed echo to unnecessary variable somewhere in your code thats why it prints name 2 times.. check it properly and remove it.
{"0":"Stranger Things","1":{"0":"Stranger Things","1":"2017"}}
This is happening most probably due to $new[] = $add; when you are using Loop and passing some value inside $new[i].
In first Loop its proper {"0":"Stranger Things","1":2017}
Now in second loop when i will be 1.
So, in position of 1 , {"0":"Stranger Things","1":2017} this is getting inserted again and making final array as {"0":"Stranger Things","1":{"0":"Stranger Things","1":"2017"}}
Show the complete code as it is, to identify the error.
As per the code you have provided, output must be correct.
$email= "abc#gmail.com";
$watchshow="Stranger Things";
$yearshow= 2017;
$new=array();
$add=array();
array_push($add,$watchshow);
array_push($add,$yearshow);
$new[] = $add;
$add=array();
array_push($add,$watchshow);
array_push($add,$yearshow);
$new[] = $add;
echo $name = json_encode($new, true);
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 7 years ago.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Improve this question
I want to update a row on a table and it is not updating.
This is my html and php code :
<?php
if ($_GET) {
if (isset($_GET['id'])) {
$id = preg_replace('#[^0-9]#', '', $_GET['id']);
echo $id;
$query = "SELECT * FROM posts WHERE id='{$id}'";
$result = mysqli_query($connect, $query);
$rows = mysqli_fetch_assoc($result);
} elseif (empty($_GET['id'])) {
header("location: manage_posts.php");
}
}
?>
<form action="modify_post.php?id=<?php echo $id; ?>" method="post">
<h3>Post Title <?php //echo $id; ?></h3>
<input name="title" value="<?php echo $rows['title'];?>" type="text" placeholder="Title here ..." id="title" required>
<h3>Post Content</h3>
<textarea name="content" required placeholder="Title here ..." style="resize: none"><?php echo $rows['content'];?></textarea>
<br/>
<input type="submit" value="Update" id="submit"/>
</form>
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($_POST['title'] != "" || $_POST['content'] != "") {
$id = preg_replace('#[^0-9]#', '', $_GET['id']);
$sql = "UPDATE posts SET title='{$_POST['title']}', content='{$_POST['content']}' WHERE id='{$id}'";
$update_result = mysqli_query($connect, $sql);
if (isset($result)) {
echo "<h2>Update successfully, redirecting back ...</h2>";
} else {
echo "Record hasn't been Updated" . mysqli_errno($result);
}
header("location: manage_posts.php");
} else {
echo "<h3>Please fill all fields</h3>";
}
}
?>
This is all what I could came up with !
I don't know where is the problem coming from ?
a) avoid sql injections e.g. with prepared statements + parameters
b) add more error handling and parameter checking.
<?php
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
echo 'wrong method';
}
else if ( !isset($_POST['title'], $_POST['content']) ) {
echo 'missing POST parameters';
}
else if ( !isset($_GET['id']) ) {
echo 'missing GET parameter';
}
else if ($_POST['title'] == "" || $_POST['content'] == "") {
echo '<h3>Please fill all fields</h3>';
}
else {
$stmt = $connect->prepare('UPDATE posts SET title=?, content=? WHERE id=?');
if ( !$stmt ) {
trigger_error('prepare failed', E_USER_ERROR);
}
else if ( !$stmt->bind_param('sss', $_POST['title'], $_POST['content'], $_GET['id']) ) {
trigger_error('bind_param failed', E_USER_ERROR);
}
else if ( !$stmt->execute() ) {
trigger_error('execute failed', E_USER_ERROR);
}
else {
echo '# of updated rows: ', $stmt->affected_rows();
}
}
see also
http://docs.php.net/mysqli.error-list
http://docs.php.net/mysqli-stmt.error-list
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Improve this question
I don't know why I am wrong but this login form doesn't work for me. My login form gives me the error "Incorrect login details"! I am not sure if there is a problem accesing data from database.
Here is my code:
<?php
session_start();
include('dbconnect.php');
if (isset($_POST['login'])){
// verifica daca exista date transmise
if ($_POST['log_username'] != "" && $_POST['log_pass'] != '') {
$username = $_POST['log_username'];
$password = $_POST['log_pass'];
$result = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'") or die ( "Error : ". mysql_error());
if ($result || mysql_num_rows($result) < 1) {
// daca nu, afiseaza un mesaj de eroare
echo "Incorrect login details!";
} else {
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
echo "Autentificarea a fost efectuata cu succes.";
}
}
}
?>
here is the html code part:
<form action='' method='post'>
<ul class="form-style-1">
<header id="header" class="info"><h1>Login</h1></header>
<li>
<label>Username</label><input type="text" name="log_username" class="field-long" />
</li>
<li>
<label>Parola</span></label><input type="password" name="log_pass" class="field-long" />
</li>
<br>
<br>
<input type='submit' value='Login' name='login'/>
</ul>
</form>
Try separate the variables on if statement:
if (($result < 1) || (mysql_num_rows($result) < 1))
{
...
}
Hope this help
I think you have a typo in the PHP-code. When you get the $result, you run it throught an if-statement;
if ($result || mysql_num_rows($result) < 1)
shouldn't it be
if (!$result || mysql_num_rows($result) < 1)
If you do not get a result (!$result) --> echo out ""Incorrect login details!".
Do this instead
if (mysql_num_rows($result) < 1) {
// daca nu, afiseaza un mesaj
}else{
}
NB: there is serious security issues in your code. Saving your password in session and no data validation and SQL injection.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
<form action = "index.php" method = "post">
username : <input type = "text" name = "uname" /><br>
password : <input type = "text" name = "pass" /><br>
submit : <input type = "submit" name = "submit" value = "submit" />
</form>
<?php
if(isset($_SESSION['id'])){echo $_SESSION['id'];}
if(isset($_POST['submit'])){
if ($_POST['submit'] == 'submit'){
$uname = $_POST['uname'];
$pass = $_POST['pass'];
$db = "davidedwardcakes";
$connect = mysql_connect('localhost', 'root', 'wtfiwwu');
$db_connect = mysql_selectdb($db, $connect);
if(!$db_connect){echo 'no';}
$query = "SELECT * FROM `users` WHERE uname ='$uname' AND pass = '$pass'";
$result = mysql_query($query, $connect);
if(mysql_num_rows($result) > 0){//echo 'index failed'; var_dump($result);}
while($row = mysql_fetch_array($result)){echo $row['uname']
. "<br>";
session_start();
echo 'peruse';
$_SESSION['id'] = $row['id'];}}
else{echo 'lol'; var_dump($query);}}
Whenever I want to login, i get the error:
string 'SELECT * FROM users WHERE uname ='brown' AND pass = 'kenji'' (length=61)
meaning that theres a problem with my $query. If I remove the $pass query from $query it works fine but doesn't when it is included. Can anybody help please.
Let me convert your code to MySQLi at least. MySQL is already deprecated.
<?php
/* ESTABLISH CONNECTION */
$connect=mysqli_connect("YourHost","YourUsername","YourPassword","YourDatabase"); /* REPLACE NECESSARY DATA */
if(mysqli_connect_errno()){
echo "Error".mysqli_connect_error();
}
/* REPLACE THE NECESSARY POST DATA BELOW AND PRACTICE ESCAPING STRINGS BEFORE USING IT INTO A QUERY TO AVOID SOME SQL INJECTIONS */
$uname=mysqli_real_escape_string($connect,$_POST['username']);
$pass=mysqli_real_escape_string($connect,$_POST['password']);
$query = "SELECT * FROM `users` WHERE uname ='$uname' AND pass ='$pass'";
$result = mysqli_query($connect,$query); /* EXECUTE QUERY */
if(mysqli_num_rows($result)==0){
echo 'login failed';
var_dump($result);
}
else {
while($row = mysqli_fetch_array($result)){
echo $row['uname'];
} /* END OF WHILE LOOP */
echo 'Successfully Logged-in.';
var_dump($query);
} /* END OF ELSE */
?>
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
trying to input code into the sqldatabase...what am i missing in here?
Parse error: syntax error, unexpected T_OBJECT_OPERATOR
<?php
$name = "";
$email = "";
$msg_to_user = "";
if ($_POST['name'] != "") {
require_once("storescripts/connect_to_mysqli.php");
// Be sure to filter this data to deter SQL injection, filter before querying database
$name = $_POST['name'];
$email = $_POST['email'];
$sqlCommand = "SELECT * FROM newsletter WHERE email='$email'";
$sql = mysqli_query($myConnection,$sqlCommand);
$numRows = mysqli_num_rows($sql);
if (!$email) {
$msg_to_user = '<br /><br /><h4><font color="FF0000">Please type an email address ' . $name . '.</font></h4>';
} else if ($numRows > 0) {
$msg_to_user = '<br /><br /><h4><font color="FF0000">' . $email . ' is already in the system.</font></h4>';
} else {
$sqlCommand="INSERT INTO newsletter (name, email, dateTime) VALUES(?,?,NOW() )";
$stmt= $myConnection->prepare($sqlCommand);
$stmt=->bind_param('ss',$name,$email);
$stmt->execute();
$msg_to_user = '<br /><br /><h4><font color="0066FF">Thanks ' . $name . ', you have been added successfully.</font></h4>';
$name = "";
$email = "";
}
}
?>
You have this code:
$stmt=->bind_param('ss',$name,$email);
It should be this:
$stmt->bind_param('ss',$name,$email);
Further (unrelated) advice:
Fix your SQL injection vulnerabilities by using parameterized queries. See How can I prevent SQL injection in PHP?
Correctly and consistently indent your code to prevent unreadability.