Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 9 years ago.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Improve this question
I want to select the user from my database using email or username, my code is:
$sql = "SELECT * FROM `users` WHERE (`Email`='".$User."' OR `Username`='".$User."'') AND `Password`='".$Password."'";
My Code Worked
Code:
$sql = "SELECT * FROM users WHERE (Email = '$User' or Username ='$User') AND Password='$Password'";
Note: I would have posted this in a comment (believe me), because the comment box doesn't show backticks properly (I know there's a trick to it, but I don't know it, yet.)
Use this:
$sql = "SELECT * FROM `users`
WHERE (`Email`='".$User."' OR `Username`='".$User."')
AND `Password`='".$Password."'";
You had one too many quotes in '".$User."''
$sql = "SELECT * FROM `users`
WHERE (`Email`='".$User."' OR `Username`='".$User."'')
----^
AND `Password`='".$Password."'";
And do consider reading this article on how to prevent injection.
Footnote: And if by the slightest chance that you would be using the now-deprecated mysql_* functions, STOP and start using mysqli_* functions with prepared statements and/or PDO.
Try this :
$sql = "SELECT * FROM `users` WHERE (`Email`='".$User."' OR `Username`='".$User."') AND `Password`='".$Password."'";
There was an extra quote after $user variable.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
Is it safe to use this code ?
$check = mysql_query("SELECT id FROM table WHERE nick='asd'");
$count = mysql_num_rows($check);
I just need number of rows. id is AUTO_INCREMENT
If 'asd' is a constant and not related to any (user) input, then yes it is safe.
Otherwise you should replace it with bind a variable and use prepared statements or at least escape it properly. (But it is easy to forget escaping, so it is a better practice to try to use bind variables instead.)
NO. Absolutely not.
First of all, read up on MySQLi. The i stands for improved. Secondly, use prepared statements. This prevents injection. Read up on that here.
$db = new mysqli("localhost", "DATABASE-NAME", "DATABASE-USER", "DATABASE-PASS");
$check = $db->prepare("SELECT `id` FROM `table` WHERE `nick` = ?");
$check->bind_param('s', $nickVar);
$check->execute();
Don't take the easy way out. Keep doing things safe until it comes naturally. I used to be all about quick hacks, quickly get it to work, quickly write some things down, but in the end, it's best to get used to good practice.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I am a beginner with MySQL. I have this code and I would like an explanation on how the function knows which database to use since $conn and $db are defined?
$conn = mysql_connect("localhost","primeb5_mysql","***");
$db = mysql_select_db("primeb5_unigis");
$query = "SELECT * FROM lesson3";
$result = mysql_query($query);"
From PHP manual:
http://php.net/manual/en/function.mysql-query.php
The MySQL connection. If the link identifier is not specified, the
last link opened by mysql_connect() is assumed.
So, In case you don't specify the connection (second parameter) to the mysql_query() function, the last one is used.
On the side note, I'd like to notify you, that mysql_* functions have been deprecated in PHP 5.5.0. Do not use them, because if you do, your site might stop working soon.
mysql is deprecated use mysqli or PDO instead
You don't have to use an PHP function to select your database
just use this
mysqli_query("SELECT * FROM primeb5_unigis.lesson3");
or join example between multiple databases after ON missing...
mysqli_query("SELECT * FROM database1.table1 INNER JOIN database2.table2 ON ...");
edit
i think topicstarter means connection to database but i leave the answer could be helpfull
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I have this query and i am asking if i can print the result in PHP without saving the result in other table.
SELECT SUM(weekly_fees) FROM scout_cabs
You start by giving it an alias to output:
SELECT SUM(`weekly_fees`) AS `total` FROM `scout_cabs`
Then you parse it as any normal request via mysql.
<?php
$sql = "SELECT SUM(`weekly_fees`) AS `total` FROM `scout_cabs`";
$run = mysql_query($sql);
$result = mysql_fetch_assoc($run);
echo 'The sum of the query is: ' . number_format($result['total']);
It may also be worth looking into mysqli_ if you are not already using it, as mysql_ is now deprecated.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I am busy with an employee record project and would like to know if it is possible at all to have my project update the database via links?
Let me explain.
Within the editing of an employee I would like to add a menu with a couple of links. These links will only be used by our employers. The will (if the above mentioned is possible) be able to click on the link "dismissed", then that should update the database by means of changing the field "Employed_Status" to "0".
I could really use the help from professionals as I am still at the "Very beginner" stage. Thanks in advance.
Use $_GET like
if(isset($_GET['status']) and $_GET['status']=='dismiss' and isset($_GET['empId']))
{
$sql="Update employee SET Employed_Status=0
WHERE Emp_id=".(int)$_GET['empId'];// if empid is integer
// or use WHERE Emp_id=".mysql_real_escape_string($_GET['empId']);
// execute query $sql
}
calling link like, http://example.com/page.php?empId=1&status=dismiss
Edit Page:
Dismissed
Activate
action.php
$val=$_REQUEST['val'];
$sql = "UPDATE employee SET status = ? WHERE id = ?";
$q = $conn->prepare($sql);
$q->execute(array($val,$empid));
You can do this by transferring values from query string to tha page
<td><a href="insert.php?id=?"<?php echo (int) $_GET['id'] ?> >insert</a></td>
and on insert.php
extract this values using get method as:
$id = $_GET["id"];
Also extract other values in similar manner and then fire your insert query with these values.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
Could anyone give me examples of how to use parameterized queries with MySQL/PHP please?
A parameterized query is essentially a query which abstracts away all the input. This has several good side effects, like making all input harmless (ie. no harmful injections are possible) and making it faster when used repeatedly, since it is pre-parsed and compiled, so the engine knows how to apply the input given. An example in pure mysql is:
PREPARE qry FROM "INSERT INTO tbl VALUES (?)";
The statement is now compiled and cached, and can be executed repeatedly without needing to recompile and interpret it:
SET #var = "some input";
EXECUTE qry USING #var;
SET #var = "some other input";
EXECUTE qry USING #var;
When used in PHP, it's usually like this (shortened):
$stmt = prepare('INSERT INTO tbl VALUES(?)');
execute($stmt, array("some input"));
execute($stmt, array("some other input"));
execute($stmt, array("some more input"));
PREPARE stmt_name FROM "SELECT name FROM Country WHERE code = ?";
SET #test_parm = "FIN";
EXECUTE stmt_name USING #test_parm;
Source: MySQL Dev: Prepared Statements