PHP, MySQL select all if - php

I have a problem with PHP and MySQL, please help.
$lokalita_s = $_POST['lokalita_s'];
$query = "SELECT nazov, lokalita FROM reality WHERE lokalita = '".$lokalita_s."' ORDER BY id";
............
But if ($lokalita_s == "nezáleží")... then I want to select everything from the database,
something like this:
$query = "SELECT nazov, lokalita FROM reality ORDER BY id";
............
This is not working:
$lokalita_s = 0;
$lokalita_s = NULL;
$lokalita_s = *;
I really don't want to use it like if else, because I want to use more variables in that query and it won't be effective.

Try
$lokalita_s = $_POST['lokalita_s'];
$wherClause = null;
if($lokalita_s != "nezáleží") {
    $wherClause = "WHERE lokalita = '" . $lokalita_s . "'";
}
$query = "SELECT nazov, lokalita FROM reality $wherClause ORDER BY id";

Something along these lines? (This works in Oracle)
$lokalita_s = $_POST['lokalita_s'];
$query = "
SELECT nazov, lokalita FROM reality WHERE lokalita = '". $lokalita_s."'
UNION
select nazov,lokalita from reality where '". $lokalita_s. "' = 'nezáleží'
order by id
";

Related

Fetching the data from sql join using PHP

I am trying to get the data from my join query.
But after running it, it says undefined index. Please explain to me what's wrong like I'm a potato. Thanks :)
$join_query = "select customer.customer_email, item.ItemId, item.ItemPrice, cart.qty
from customer, item, cart
where customer.customer_email = '" . $_SESSION['customer_email'] . "' AND item.ItemId = cart.orderId";
$run_join = mysqli_query($con, $join_query);
while($row_boat = mysqli_fetch_array($run_join)){
$sales_email = $_SESSION['customer_email'];
$sales_itemid = $row_boat['item.ItemId'];
$sales_itemprice = $row_boat['item.ItemPrice'];
$sales_qty = $row_boat['cart.qty'];
$sales_total = $sales_itemprice * $sales_qty;
//$sales_date =
$insert_sales = "insert into sales (customer_email, ItemId, ItemPrice, Quantity, Total)
values ('$sales_email', $'sales_itemid', '$sales_itemprice', '$sales_qty', '$sales_total')";
$run_sales = mysqli_query($con, $insert_sales);
while($row_boat = mysqli_fetch_array($run_join, MYSQLI_ASSOC))
This should fix your error

I have difficulties with the SQL part

I posted code from my website below. In this code I want to update rows in my database if the user changed the name of the topic on the website's form. Everything is working except the SQL part. I mean the part with "LIMIT 1 OFFSET '$x'": this part of the SQL code is not good for some reason, but I don't know why. I tested it in XAMPP phpMyAdmin and it works, but here something is just wrong.
<?php
$sql = "SELECT topicname, username, created, COUNT(commentid)
FROM user, topic, comment
WHERE topic.topicid = comment.whichtopic
AND user.userid = topic.owner
AND user.username = '" . $_SESSION['user_name '] . "'
GROUP BY topicname ";
$lekerdezes = mysql_query($sql);
$num_rows = mysql_num_rows($lekerdezes); ?>
<?php
if (isset($_POST['delete']))
{
    if (!empty($_POST['forumnev']))
    {
        for ($x = 0; $x < $num_rows; $x++)
        {
            foreach ($_POST['forumnev'] as $selected)
            {
                $seged = mysql_query("SELECT created FROM topic WHERE
created IN (SELECT created FROM user, topic, comment WHERE topic.topicid = comment.whichtopic
AND user.userid = topic.owner AND user.username = '" . $_SESSION['user_name '] . "'
GROUP BY topicname ORDER BY created)
LIMIT 1 OFFSET '$x'");
                if (!$seged)
                {
                    echo mysql_error();
                }
                $seged2 = mysql_fetch_array($seged);
                $seged2 = $seged2[0];
                if (!$seged2)
                {
                    echo mysql_error();
                }
                $sql = mysql_query("UPDATE topic SET topicname = '$selected' WHERE created = '$seged2'");
            }
        }
        header("Location: topicedit.php");
    }
}
?>
Try updating as follows (assuming your limit is 1 and your offset is $x):
$seged = mysql_query("SELECT created FROM topic WHERE created IN (SELECT created
FROM user,topic,comment
WHERE topic.topicid = comment.whichtopic
AND user.userid = topic.owner
AND user.username = '". $_SESSION['user_name'] ."'
GROUP BY topicname
ORDER BY created)
LIMIT $x, 1");

Can't figure out this mysql to mysqli change

Hi there, I'm still trying to change to mysqli, and I just can get things to go right sometimes.
The biggest thing I have is the mysqli_result. I've tried what other people have done, and it doesn't seem to work.
Here is the code below:
$result = mysqli_query($con, "SELECT referer FROM users WHERE userId = '$key'");
if(mysql_result($result, 0) != "" ){
    $referer = mysql_result($result, 0);
    $result = mysqli_query($con, "SELECT referer FROM users WHERE userId = $referer'");
    if(mysql_result($result, 0) != "" ){
        $result2 = mysqli_query($con, "SELECT refered FROM users WHERE userId = $referer'");
        $newRefs = mysql_result($result2, 0) + 1;
        mysqli_query($con, "UPDATE users SET refered = '$newRefs' WHERE userId = '$referer'");
        $result3 = mysqli_query($con, "SELECT userName FROM users WHERE userId = '$key'");
        $refered = mysql_result($result3, 0);
    }
}
Help would be appreciated.
Kind Regards
Chad
You can't mix mysql_ and mysqli_ functions like that. Also, mysql_result is serious old school. There is no equivalent in mysqli (and that's a good thing). I switched to mysqli_fetch_assoc, which takes your query and returns an associative array with the field names as keys. I kept it all procedural for the sake of uniformity (I hate mixing OOP with procedural). I should note that your code is horribly convoluted as written (for instance $key isn't defined anywhere). It's better to avoid reusing variable names like you have. I also HIGHLY recommend switching to an all-object codebase.
$result = mysqli_query($con, "SELECT referer FROM users WHERE userId = '$key'");
if($row = mysqli_fetch_assoc($result)){
    // Check that the referer has a referer of its own, as the question's code does.
    $result2 = mysqli_query($con, "SELECT referer FROM users WHERE userId = '" . $row['referer'] . "'");
    if($row2 = mysqli_fetch_assoc($result2)){
        // Read the referer's current count; the question's code adds 1 before writing it back.
        $result3 = mysqli_query($con, "SELECT refered FROM users WHERE userId = '" . $row['referer'] . "'");
        $newRefs = mysqli_fetch_assoc($result3);
        mysqli_query($con, "UPDATE users SET refered = '" . ($newRefs['refered'] + 1) . "' WHERE userId = '" . $row['referer'] . "'");
        $result4 = mysqli_query($con, "SELECT userName FROM users WHERE userId = '$key'");
        $refered = mysqli_fetch_assoc($result4);
    }
}
You cannot use mysql_result!
Try to do it like this:
$result = mysqli_query($con, "SELECT referer FROM users WHERE userId = '$key'");
if( mysqli_num_rows($result) ) { // mysqli_num_rows() takes only the result object
list($referer) = mysqli_fetch_row($result);
....
You can use object oriented style:
$Result = $Con->query("SELECT referer FROM users WHERE userId = '$key'");
if( $Result->num_rows ) {
list($referer) = $Result->fetch_row();
If you're in the process of switching, you should go straight to PDO, not mysqli.
mysqli vs pdo - stackoverflow

MySQL query based on user input

I have a DB table. I want to make a text input where the user can input the "uid" and the query will return the row associated with that uid.
So let's say I have something like this:
$query = "SELECT name,age FROM people WHERE uid = '2' LIMIT 0,1";
$result = mysql_query($query);
$res = mysql_fetch_assoc($result);
echo $res["age"];
How would I modify that query to something like..
SELECT name, age
FROM people
WHERE uid = $_POST['blahblah'] LIMIT 0,1
Thanks in advance for your help!
In reality...
// Read input from $_POST
$uid = (isset($_POST['uid']) ? $_POST['uid'] : '');
// Build query. Properly escape input data.
$query =
"SELECT name,age " .
"FROM people " .
"WHERE uid = '" . mysql_real_escape_string($uid) . "' " .
"LIMIT 0,1";
It's advisable to escape characters in the variable for security reasons. Take a look at this document for some of the reasons:
http://en.wikipedia.org/wiki/SQL_injection
To save from SQL injection attack, use:
$search_query = mysql_real_escape_string($_POST['blahblah']);
$query = "SELECT name, age FROM people WHERE uid = '".$search_query."' LIMIT 0 , 1";
There are so many ways to do the same thing,
but first escape it and store it in one variable:
$blahblah = mysql_real_escape_string($_POST['blahblah']);
And then there are:
First:
As @Mett Lo mentioned:
$query = "SELECT name,age FROM people WHERE uid = '" . $blahblah . "' LIMIT 0,1";
Second:
$query = "SELECT name,age FROM people WHERE uid = '{$blahblah}' LIMIT 0,1";
Third:
$query = "SELECT name,age FROM people WHERE uid = '$blahblah' LIMIT 0,1";
And if blahblah is an int value in the DB table, then Fourth:
$query = "SELECT name,age FROM people WHERE uid = $blahblah LIMIT 0,1";
You may use the sprintf function to create the query.
$query = sprintf("SELECT name,age FROM people WHERE uid = '%s' LIMIT 0,1",
$_POST['blahblah'] );
The rest will be the same. It is highly recommended that you escape the $_POST data before running the query to prevent SQL attacks. You may rephrase the query as follows.
$query = sprintf("SELECT name,age FROM people WHERE uid = '%s' LIMIT 0,1",
mysql_escape_string($_POST['blahblah']) );
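
An added example, not part of the answers above: `mysql_real_escape_string` only neutralises characters that matter inside a quoted string literal, so it does not protect the unquoted numeric form shown as the fourth variant. The code below validates the uid as an integer and binds it in a PDO prepared statement; the in-memory SQLite `people` table and its rows are constructed for illustration.

```php
<?php
// Added example; the people table contents below are constructed.

/**
 * Look up one person by uid. Returns the row, or null when the input is
 * not a positive integer or no row matches.
 */
function find_person(PDO $db, $rawUid): ?array
{
    // For a numeric column, validate the type instead of escaping:
    // anything that is not a positive integer is rejected before any SQL runs.
    $uid = filter_var($rawUid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($uid === false) {
        return null;
    }
    // The value travels separately from the SQL text, typed as an integer.
    $stmt = $db->prepare('SELECT name, age FROM people WHERE uid = :uid LIMIT 1');
    $stmt->bindValue(':uid', $uid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In-memory SQLite database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (uid INTEGER PRIMARY KEY, name TEXT, age INTEGER)');
$db->exec("INSERT INTO people (uid, name, age) VALUES (1, 'Ana', 31), (2, 'Ben', 45)");

// Stand-ins for $_POST['blahblah']: a valid id, a non-numeric value, an empty field.
foreach (['2', '2abc', ''] as $input) {
    $row = find_person($db, $input);
    // Encode on output as well, since the row is echoed back to the user.
    echo var_export($input, true), ' => ',
         $row ? htmlspecialchars("{$row['name']}, {$row['age']}") : 'no result', "\n";
}
```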

php select from where and problem

$name1 = @$_GET['search'] ;
$name = split(" +",$name1);
$query = "select * from table where field1 = '".$name[0]."'
and field2 = '".$name[1]."'
Order By `date` DESC";
I make an easy search like that. If $name[0] and $name[1] both have data, the query works, but if $name[1] is empty, the query fails. How do I add a check so that if $name[1] is empty, and field2 = '".$name[1]."' is hidden, and the query becomes like
$query = "select * from table where field1 = '".$name[0]."' Order By `date` DESC";
You can do it with an or:
and (field2 = '".$name[1]."' or '".$name[1]."' = '')
Try this
if(!empty($name[0]) or !empty($name[1])){
    $sql = "select * from table where ";
    // Initialise both parts so the checks below never read an undefined variable.
    $fld1 = $fld2 = '';
    if(!empty($name[0])){
        $fld1 = " field1 = '".$name[0]."'";
    }
    if(!empty($name[1])){
        $fld2 = " field2 = '".$name[1]."'";
    }
    if($fld1 && $fld2)
    {
        $sql .= $fld1 ." and ".$fld2;
    }
    elseif($fld1){
        $sql .= $fld1;
    }
    elseif($fld2){
        $sql .= $fld2;
    }
}
It will be better if you do this check in your PHP script, like this:
$query = "select * from table where field1 = '$name[0]'";
if (!empty($name[1])) $query .= " and field2 = '$name[1]'";
$query .= ' order by date desc';
$name[1] ? 'query if it exists' : "query if it doesn't";
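
The first question on this page (the optional `lokalita` filter) and this one (the optional `field2`) need the same thing: a WHERE clause that grows only for the filters actually supplied. The following is an added example, not code from any of the posts; it binds values through PDO prepared statements instead of concatenating them, and treats both an empty value and the "nezáleží" option as "no filter". The `typ` column, the `typ_s` input key and the sample rows are assumptions made for illustration.

```php
<?php
// Added example; column `typ`, key `typ_s` and the rows are constructed.

/**
 * Build a WHERE clause from optional filters.
 * $allowed maps input keys to column names (an allow-list, so user input
 * never becomes an identifier); the values themselves are bound parameters.
 */
function build_where(array $allowed, array $input, string $any = 'nezáleží'): array
{
    $conds = [];
    $params = [];
    foreach ($allowed as $key => $column) {
        $value = $input[$key] ?? '';
        if (!is_string($value)) {
            continue;                   // e.g. an array sent as key[]=...
        }
        $value = trim($value);
        if ($value === '' || $value === $any) {
            continue;                   // filter not set: add no condition
        }
        $conds[] = "$column = :$key";
        $params[":$key"] = $value;
    }
    $where = $conds ? 'WHERE ' . implode(' AND ', $conds) : '';
    return [$where, $params];
}

function search_reality(PDO $db, array $input): array
{
    [$where, $params] = build_where(['lokalita_s' => 'lokalita', 'typ_s' => 'typ'], $input);
    $stmt = $db->prepare("SELECT nazov, lokalita FROM reality $where ORDER BY id");
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In-memory SQLite database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reality (id INTEGER PRIMARY KEY, nazov TEXT, lokalita TEXT, typ TEXT)');
$db->exec("INSERT INTO reality (nazov, lokalita, typ) VALUES
    ('Byt A', 'Bratislava', 'byt'), ('Dom B', 'Košice', 'dom'), ('Byt C', 'Košice', 'byt')");

// Stand-ins for $_POST: no filter, two filters, and a value containing a quote.
print_r(search_reality($db, ['lokalita_s' => 'nezáleží']));
print_r(search_reality($db, ['lokalita_s' => 'Košice', 'typ_s' => 'byt']));
print_r(search_reality($db, ['lokalita_s' => "O'Brien", 'typ_s' => '']));
```

Adding another filter means adding one entry to the allow-list map; the query text and the binding code stay unchanged.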
