Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I am a beginner with MySQL. I have this code and I would like an explanation on how the function knows which database to use since $conn and $db are defined?
$conn = mysql_connect("localhost","primeb5_mysql","***");
$db = mysql_select_db("primeb5_unigis");
$query = "SELECT * FROM lesson3";
$result = mysql_query($query);"
From PHP manual:
http://php.net/manual/en/function.mysql-query.php
The MySQL connection. If the link identifier is not specified, the
last link opened by mysql_connect() is assumed.
So, In case you don't specify the connection (second parameter) to the mysql_query() function, the last one is used.
On the side note, I'd like to notify you, that mysql_* functions have been deprecated in PHP 5.5.0. Do not use them, because if you do, your site might stop working soon.
mysql is deprecated use mysqli or PDO instead
You don't have to use an PHP function to select your database
just use this
mysqli_query("SELECT * FROM primeb5_unigis.lesson3");
or join example between multiple databases after ON missing...
mysqli_query("SELECT * FROM database1.table1 INNER JOIN database2.table2 ON ...");
edit
i think topicstarter means connection to database but i leave the answer could be helpfull
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
Is it safe to use this code ?
$check = mysql_query("SELECT id FROM table WHERE nick='asd'");
$count = mysql_num_rows($check);
I just need number of rows. id is AUTO_INCREMENT
If 'asd' is a constant and not related to any (user) input, then yes it is safe.
Otherwise you should replace it with bind a variable and use prepared statements or at least escape it properly. (But it is easy to forget escaping, so it is a better practice to try to use bind variables instead.)
NO. Absolutely not.
First of all, read up on MySQLi. The i stands for improved. Secondly, use prepared statements. This prevents injection. Read up on that here.
$db = new mysqli("localhost", "DATABASE-NAME", "DATABASE-USER", "DATABASE-PASS");
$check = $db->prepare("SELECT `id` FROM `table` WHERE `nick` = ?");
$check->bind_param('s', $nickVar);
$check->execute();
Don't take the easy way out. Keep doing things safe until it comes naturally. I used to be all about quick hacks, quickly get it to work, quickly write some things down, but in the end, it's best to get used to good practice.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 9 years ago.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Improve this question
I want to select the user from my database using email or username, my code is:
$sql = "SELECT * FROM `users` WHERE (`Email`='".$User."' OR `Username`='".$User."'') AND `Password`='".$Password."'";
My Code Worked
Code:
$sql = "SELECT * FROM users WHERE (Email = '$User' or Username ='$User') AND Password='$Password'";
Note: I would have posted this in a comment (believe me), because the comment box doesn't show backticks properly (I know there's a trick to it, but I don't know it, yet.)
Use this:
$sql = "SELECT * FROM `users`
WHERE (`Email`='".$User."' OR `Username`='".$User."')
AND `Password`='".$Password."'";
You had one too many quotes in '".$User."''
$sql = "SELECT * FROM `users`
WHERE (`Email`='".$User."' OR `Username`='".$User."'')
----^
AND `Password`='".$Password."'";
And do consider reading this article on how to prevent injection.
Footnote: And if by the slightest chance that you would be using the now-deprecated mysql_* functions, STOP and start using mysqli_* functions with prepared statements and/or PDO.
Try this :
$sql = "SELECT * FROM `users` WHERE (`Email`='".$User."' OR `Username`='".$User."') AND `Password`='".$Password."'";
There was an extra quote after $user variable.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I have this code that inserts user data into a database.
mysql_connect("server address","username","password");
mysql_select_db("login");
mysql_query("INSERT INTO login(name,username,password,email)VALUES('$_POST[fname]','$_POST[username]','$_POST[pw]','$_POST[email]')") or die("cannot execute the query");
I have an issue here. There is a username and password to enter into my server and there is also another username and password to use my database.
Where should I mention both username's and password's?
The mysql_connect() has absolutely nothing to do with server logins, and only has to do with MySQL login.
That being said, you have a number of issues:
You are using deprecated mysql_* functions. You should use mysqli extension of PDO instead.
You are horribly vulnerable to SQL injection attackes. NEVER, EVER, EVER use directly input data from the user (like $POST, $_GET, etc.) without first sanitizing/validating it.
You really should get in the habit of checking the response for each function and handling errors appropriately. For example, you should never even get to mysql_query() line of code if you mysql_connect() and mysql_select_db() calls are not successful.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
Does anyone here have a ready made PHP file (script) which can connect to the database (by inserting, host,dabasename,user,pas) and then be used to run SQL queries. For example by putting the query in a variable and then run it. This would be the same kind of queries which can be run from phpmyadmin.
If you're asking how to use a MySQL database in PHP, I suggest learning about PDO:
<?php
$pdo = new pdo("mysql:host=localhost,dbname=YourDatabase","Username","Password");
?>
and submitting would go as follow:
<?php
//Unsafe
$unsafeSubmit = $pdo->query("INSERT INTO `myTable` VALUES(`id`,'".$variable1."','".$variable2."')");
//Safe
$submitInformation = $pdo->prepare("INSERT INTO `myTable` VALUES(`id`,:varOne,:varTwo)");
$submitInformation->bindValue(":varOne",$variable1);
$submitInformation->bindValue(":varTwo",$variable2);
$submitInformation->execute();
?>
With reading it with the SELECT query.
I suggest reading the documentation on PHP.NET
You should read up on how to do this, there are multiple ways like PDO or MySQLi
documentation mysqli on php.net
documentation pdo on php.net
These are two very well used, well supported and built in libraries in PHP which will allow you to execute queries from PHP. It's one of the first things I learned at school (deprecated mysql) so you should be fine reading up on those two.
Ok i found a quick solution using Sidney Liebrand links. Thanks
<?php
$user="username";
$password="password";
$database="database";
mysql_connect(localhost,$user,$password);
#mysql_select_db($database) or die( "Unable to select database");
$query= /* query */ "";
mysql_query($query);
mysql_close();
?>
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Closed 9 years ago.
Improve this question
Is there a way by which I can make the result set returned by PDO same as the data set returned by the legacy mysql functions?
Actually, all the files in my application call a function to execute any SQL query. Currently that function uses old mysql functions. I want to change it to PDO in that single function, effectively changing to PDO over the whole application.
Hence, I need a way so that the format of the result coming out is the same as the old mysql functions.
If you mean the result set resource returned by mysql_query, then: no. Resources are specific to the extension that defines them and are meaningless to anything else. PDO returns an object, mysql_query a resource; that's apples and oranges.
If you mean an array you'd build with mysql_fetch_assoc and PDOStatement::fetch, then: of course, you can make them look identical if you bother to do so.