Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 9 years ago.
How can I use a variable inside a MySQL SELECT ... FROM statement? Like so:
$db = $_POST['db'];
$query = "SELECT * FROM $db..";
To literally answer the question:
$db = $_POST['db'];
$query = "SELECT * FROM {$db}..";
OR
$query = "SELECT * FROM {$_POST['db']}..";
OR
$query = "SELECT * FROM ".$_POST['db']."..";
As others have said, accepting unsanitized input from the POST is a very bad idea indeed.
At the very least you should do the following:
$db = $mysqli->real_escape_string($_POST['db']);
which will at least ensure that other commands, such as INSERTS, UPDATES, or GRANT, will not be inserted.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 1 year ago.
Why is this working:
$sql_query = "SELECT * FROM Content WHERE id IN (1,5,7,9)";
But this isn't:
$array_values = "1,5,7,9";
$sql_query = "SELECT * FROM Content WHERE id IN ('$array_values')";
I want to select data from the database based on the integers in the $array_values string.
How can I do it?
Because there are ` s in your code here:
$sql_query = "SELECT * FROM Content WHERE id IN ('$array_values')";
Use:
$sql_query = "SELECT * FROM Content WHERE id IN ( $array_values )";
or
$sql_query = "SELECT * FROM Content WHERE id IN (".$array_values.")";
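An added example (not part of the original questions or answers) covering both cases above, a table name taken from the request and a comma-separated id list, without placing request data in the SQL text. The table name is resolved through an allowlist, because identifiers cannot be bound as parameters and `real_escape_string` only protects values inside quoted string literals; the ids are validated and bound as placeholders. The allowlist contents, the function names and the in-memory SQLite database are assumptions made so the demo runs offline.

```php
<?php
// Constructed demo data in an in-memory SQLite database (assumption: pdo_sqlite
// is available); the same PDO calls apply to a MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Content (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO Content (id, title) VALUES (1,'a'),(2,'b'),(5,'c'),(7,'d'),(9,'e')");

// Hypothetical allowlist: value accepted from the request => real table name.
const ALLOWED_TABLES = ['content' => 'Content'];

function resolveTable(string $requested): string
{
    // Only names present in the allowlist ever reach the SQL text.
    if (!array_key_exists($requested, ALLOWED_TABLES)) {
        throw new InvalidArgumentException('Unknown table requested');
    }
    return ALLOWED_TABLES[$requested];
}

function selectByIds(PDO $pdo, string $requestedTable, string $csvIds): array
{
    $table = resolveTable($requestedTable);

    // Turn "1,5,7,9" into validated integers; reject anything else.
    $ids = [];
    foreach (explode(',', $csvIds) as $part) {
        $id = filter_var(trim($part), FILTER_VALIDATE_INT);
        if ($id === false) {
            throw new InvalidArgumentException('Non-integer id in list');
        }
        $ids[] = $id;
    }

    // One "?" per value; the values travel separately from the SQL text.
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare("SELECT id, title FROM $table WHERE id IN ($placeholders)");
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_POST['db'] and the id string.
print_r(selectByIds($pdo, 'content', '1,5,7,9'));

try {
    selectByIds($pdo, 'other_table', '1');   // not in the allowlist
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```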
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 2 years ago.
$sql4 = "SELECT userid, userName FROM $user_table WHERE userName= '$userNames'";
$result = $conn->query($sql4);
$_SESSION['myUser'] = $result['userid'] ;
I have most code I can find but nothing works
Assuming these lines of code come immediately after executing an insert of a new user record and you are using PDO, you could try:
$last_id = $conn->lastInsertId();
$_SESSION['myUser'] = $last_id;
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
The image above is my SQL database. What I want to do is load the names and echo them in JSON, but the thing is, I want to show one of each name. Like, see how there are 4 assassinshadow entries? I want PHP to echo only one of them. Not making much sense, am I? Haha
You can use DISTINCT in your MySQL query:
$mysqli = mysqli_connect("example.com", "user", "password", "database");
$query = "SELECT DISTINCT name from yourtable";
$res = mysqli_query($mysqli, $query);
$row = mysqli_fetch_assoc($res);
Two ways to do that:
SELECT distinct name FROM my_table
or
SELECT name FROM my_table group by name
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 9 years ago.
This statement works in pgAdmin but not when run in a PHP script. The PHP script can select all but cannot update. Why is this?
UPDATE users SET password = '123123' WHERE email = 'random#random.com'
PHP code that doesn't work:
$sql = $dbh->prepare("UPDATE users SET password = '11111111111' WHERE email = 'test#outlook.com')");
$sql->execute(array());
PHP code that does work:
$sql = $dbh->prepare("SELECT * FROM users");
$sql->execute(array());
$fr = $sql->fetchAll(); var_dump($fr);
In your update query you've got ) at the end, which will cause a syntax error. Check it using e.g. $dbh->errorInfo().
Also, don't use prepare() for queries that don't use parameters. Instead use query() for SELECT and exec() for others.
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 8 years ago.
What is wrong with this MySQL and PHP construction?
$zapytanie = "UPDATE Users
SET usr_premium_expire = '$data'
WHERE usr_login = '$login';
";
You don't need the semi-colon in the MySQL statement.
If any further error occurs, try
mysql_error();
after you've executed the statement.
To validate the data sent try
echo $zapytanie;
When in doubt, also escape the variables:
"UPDATE Users SET usr_premium_expire='" . $data . "' WHERE usr_login='" . $login . "'"