In the below code when I pass $id_num to check the id field in database it accepts but when I want to pass user id to check with database it shows the following error;
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in line no 12
Can anyone tell me where I'm going wrong.
code:
if(isset($_POST['user_mail']) && isset($_POST['user_pass']))
{
$var_1=$_POST["user_mail"];
$var_2=$_POST["user_pass"];
$result = mysqli_query($con,"SELECT * FROM jsrao_db2 WHERE user_mail=$var_1");
while($row = mysqli_fetch_array($result))
{
if(($row['user_mail']==$var_1) && ($row['user_pass']==$var_2))//compare user name and password with database value
echo "Welcome";
else
echo "Try Again";
}
change your query
$result = mysqli_query($con,"SELECT * FROM jsrao_db2 WHERE user_mail=$var_1");<br>
should be
$result = mysqli_query($con,"SELECT * FROM jsrao_db2 WHERE user_mail='$var_1'");<br>
user_mail is an string so enclose $var_1 in '$var_1'
Use Prepared Statements for cleaning up your code:
$result = false;
$stmt = $con->prepare("SELECT * FROM jsrao_db2 WHERE user_mail=?");
$stmt->bind_result($result);
$result = $stmt->bind_param("s", $var_1)->execute();
if ($result) {
//work with $result
}
Related
I'm trying to echo out every single thing in a table from sql, my code is as follows
$stmt = $link->prepare("SELECT * FROM articles");
$stmt->execute();
$stmt->store_result();
if (mysqli_stmt_num_rows($stmt) >= 1) {
$result = mysqli_stmt_get_result($stmt); //get result object
while ($row = mysqli_fetch_assoc($result)){ //get associative array
$news = $row['title'];
}
}
It doesn't work, returning as mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given
I've done my research but literally nothing works :(
You don't need to use prepared statements for this SELECT query as you aren't specifying anything WHERE.
$query = 'SELECT * FROM articles';
if ($result = $link->query($query)) {
while ($row = $result->fetch_assoc()) {
$news = $row['title'];
}
}
For a really good in-depth answer check this out: https://stackoverflow.com/a/11575617/1427345
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 3 years ago.
i have facing problem in php code. the error is given below:
mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in directory name
the php code is:
<?php
$edit_record = $_GET['edit'];
$query = "select * from std_reg where student_id='edit_record'";
$run = mysqli_query($conn, $query);
while($row = mysqli_fetch_array($run))
{
$id = $row['Student_id'];
$name = $row['name'];
}
?>
can any one help?
You have to add the result type to mysqli_fetch_array.
See the syntax: mysqli_fetch_array(result,resulttype);
while($row = mysqli_fetch_array($run,MYSQLI_ASSOC))
Give row name to while loop and add $ to edit_record in query
$edit_record = $_GET['edit'];
$query = "select * from std_reg where student_id='$edit_record'";
$run = mysqli_query($conn, $query);
while($row = mysqli_fetch_array($run))
{
$id = $row['Student_id'];
$name = $row['name'];
}
$row is not defined anywhere. In while loop you must set $row = mysqli_fetch_array($run).
You are not passing value to query correctly. $ is missing here student_id='edit_record'.
<?php
$edit_record = mysqli_real_escape_string($conn, $_GET['edit']);
$query = "SELECT * FROM std_reg WHERE student_id='$edit_record'";
$run = mysqli_query($conn, $query);
if($run)
{
while($row = mysqli_fetch_array($run))
{
$id = $row['Student_id'];
$name = $row['name'];
}
}
?>
You should really use mysqli_fetch_assoc rather than mysqli_fetch_array. It gives you the result you wanted without having to explicitly say what type of array you wanted.
From this query:
$query = "select * from std_reg where student_id='edit_record'";
To this query:
<?php
$edit_record = $_GET['edit'];$query = "select * from std_reg where student_id=".$edit_record; //Please try to observed the concatenation
$run = mysqli_query($conn, $query);
while($row = mysqli_fetch_assoc($run)) {
$id = $row['Student_id'];
$name = $row['name'];
}
?>
Here is my code:
$user = $_SESSION['uname'];
echo $user;
$output=mysqli_query($con,"SELECT pedia_id FROM users WHERE uname = $user");
echo $output;
$result = mysqli_query($con,"SELECT * FROM infant_info where pedia_number = $output ORDER BY last_name ASC");
It echoes $user but not the $output and I got an error:
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\Infant\view\InfantInfo_table.php on line 69
you need to put the $user in quotes.
"SELECT pedia_id FROM users WHERE `uname` = '".$user."'"
also mysql_query returns mysqli_result. You need to get the pedia_id from $output and then use it in next query.
$row = mysqli_fetch_array($output);
now use $row[0] in the next query instead of $output. place it in quotes.
$user = $_SESSION['uname'];
echo $user;
$output=mysqli_query($con,"SELECT pedia_id FROM users WHERE uname = '" . $user . "'");
echo $output; //its mysqli_result object
//Fetch the row from the result
$row = mysqli_fetch_array($output);
echo $row[0]; //this is pedia_id
$pedia_id = $row[0]; //wrap it in quotes if its a string
$result = mysqli_query($con,"SELECT * FROM infant_info where pedia_number = $pedia_id ORDER BY last_name ASC");
while($infantRow = mysqli_fetch_array($result))
{
//do something here with individual infant_info row
}
EDIT : assuming there can be quotes in the string value of $user. in such a case you need to escape that as well. in general sanitizing any value used for forming queries is considered best practice. alternatively you can use Prepared Statements.
I want to search my database to see if a user that is registering is using a username that is currently in my database. I have registered the same name about 5 times so it SHOULD return false but it returns true.
<?php
function registerUser($userName, $userPassword) {
$db = new dbinterface();
$db->connect();
// check for duplicate data
$checkduplicates = "SELECT * FROM usersexample WHERE $userName = :userName";
$myresult = mysql_query($checkduplicates);
if(mysql_num_rows($myresult) > 0){
echo $myresult;
return false;
}
?>
My table name is usersexample and the field i am searching is userName.
ANY and ALL help is appreciated!
Using mysql_num_rows in examples i get this warning:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource.
Use mysql_num_rows() to check the number of rows returned.
Sample:
$myresult = mysql_query($checkduplicates);
$rowcount = mysql_num_rows($myresult);
if($rowcount > 0)
{
// Account name already in use
}
You should try this...
if(mysql_num_rows($myresult) > 0) {
echo $myresult;
return false;
}
It will return false if there is a duplicate username.
$getduplicates = mysql_query("SELECT * FROM table WHERE username = $username");
$duplicates = mysql_num_rows($getduplicates);
if($duplicates){
echo "Uh oh someone already has that username";
}
else {
echo "Everything is allllllll good";
}
Please use prepared statements to avoid sql injection.
As you are using :userName in your SQL it seems you are trying to do this (is your
database class based on PDO by any chance?). The :userName part will be replaced
by your variable $userName when you do the bindValue.
Use count() in the database to count the number of records found,
the database knows best ;-)
$query = $db->prepare("SELECT count(*) AS no_found FROM usersexample WHERE userName = :userName");
$query->bindValue(':userName', $userName, PDO::PARAM_STR);
$query->execute();
$result = $query->fetchObject();
if($result->no_found > 0)
{
return false;
}
Did you try:
$checkduplicates = "SELECT userName FROM usersexample
WHERE LOWER('".$userName."') = LOWER(userName)";
$myresult = mysql_query($checkduplicates)
if (!$myresult) {
die('Invalid query: ' . mysql_error());
} else {
$num_rows = mysql_num_rows($myresult);
if (!$num_rows) {
die('Invalid query: ' . mysql_error());
} else return ($num_rows == 0);
}
Please, sanitize user input to avoid SQL injection.
I don't know if you are doing something fancy I don't understand, but I would build the query like this:
$checkduplicates = "SELECT * FROM `usersexample` WHERE `userName` = '$userName'";
Or this
$checkduplicates = "SELECT * FROM `usersexample` WHERE `userName` = '".$userName."'";
Is there any way to store mysql result in php variable? thanks
$query = "SELECT username,userid FROM user WHERE username = 'admin' ";
$result=$conn->query($query);
then I want to print selected userid from query.
Of course there is. Check out mysql_query, and mysql_fetch_row if you use MySQL.
Example from PHP manual:
<?php
$result = mysql_query("SELECT id,email FROM people WHERE id = '42'");
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($result);
echo $row[0]; // 42
echo $row[1]; // the email value
?>
There are a couple of mysql functions you need to look into.
mysql_query("query string here") : returns a resource
mysql_fetch_array(resource obtained above) : fetches a row and return as an array with numerical and associative(with column name as key) indices. Typically, you need to iterate through the results till expression evaluates to false value. Like the below:
while ($row = mysql_fetch_array($query)){
print_r $row;
}
Consult the manual, the links to which are provided below, they have more options to specify the format in which the array is requested. Like, you could use mysql_fetch_assoc(..) to get the row in an associative array.
Links:
http://php.net/manual/en/function.mysql-query.php
http://php.net/manual/en/function.mysql-fetch-array.php
In your case,
$query = "SELECT username,userid FROM user WHERE username = 'admin' ";
$result=mysql_query($query);
if (!$result){
die("BAD!");
}
if (mysql_num_rows($result)==1){
$row = mysql_fetch_array($result);
echo "user Id: " . $row['userid'];
}
else{
echo "not found!";
}
$query="SELECT * FROM contacts";
$result=mysql_query($query);
I personally use prepared statements.
Why is it important?
Well it's important because of security. It's very easy to do an SQL injection on someone who use variables in the query.
Instead of using this code:
$query = "SELECT username,userid FROM user WHERE username = 'admin' ";
$result=$conn->query($query);
You should use this
$stmt = $this->db->query("SELECT * FROM users WHERE username = ? AND password = ?");
$stmt->bind_param("ss", $username, $password); //You need the variables to do something as well.
$stmt->execute();
Learn more about prepared statements on:
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php MySQLI
http://php.net/manual/en/pdo.prepared-statements.php PDO
$query = "SELECT username, userid FROM user WHERE username = 'admin' ";
$result = $conn->query($query);
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$arrayResult = mysql_fetch_array($result);
//Now you can access $arrayResult like this
$arrayResult['userid']; // output will be userid which will be in database
$arrayResult['username']; // output will be admin
//Note- userid and username will be column name of user table.