I have the following code:
$username = $_SESSION['username'];
$query = ("SELECT id FROM users WHERE username = '$username'");
$result = mysql_query($query) or die (mysql_error());
$row = mysql_fetch_row($result);
$user_id = $row[0];
Where should I apply mysql_real_escape_string here?
Would $user_id = mysql_real_escape_string($row[0]); work?
I know that MySQL should be left in the past. I'll move to MySQLi soon enough.
do this in first line:
$username = mysql_real_escape_string($_SESSION['username']);
and change query to this:
$query = ("SELECT id FROM users WHERE username = '".$username."'");
Related
I have this code for the select and printing values.
mysql_numn_rows returns null :/
<?php
mysql_connect('localhost','root','');
mysql_select_db("db2517");
$username = "Cristoforo";
$query = mysql_query("SELECT * users WHERE username='$username' ");
$numberOfRows = mysql_num_rows($query);
echo "num: $numberOfRows";
?>
First I would like to suggest you user PDO or MYQLI
In your query you have missed the from so replace your query:
From
$query = mysql_query("SELECT * users WHERE username='$username' ");
To
$query = mysql_query("SELECT * from users WHERE username='$username' ");
Better use mysqli or pdo instead of mysql.here you missed from in your query so your Query should be
$query = mysql_query("SELECT * from users WHERE username='$username' ");
Before I say anything else, I know my code is a mess and very bad.
ok, for some reason when I submit the form everything works fine but it gives me this error yet I'm not sure why at all.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE username = 'Nick'' at line 1
This is my code
if (isset($_POST['slot1']))
{
$token = mysql_real_escape_string($_POST['token']);
$tokenn = strip_tags($token);
$sql55 = "SELECT * FROM user_pokemon WHERE
belongsto = '".$_SESSION['username']."' AND (id='".$tokenn."')";
$result55 = mysql_query($sql55) or die(mysql_error());
$poke55 = mysql_fetch_array($result55);
$_SESSION['idpoke5'] = $poke55['id'];
$sql23 = "SELECT * FROM pokemon WHERE name='".$poke55['pokemon']."'";
$result23 = mysql_query($sql23) or die(mysql_error());
$battle_get23 = mysql_fetch_array($result23);
$result666 = mysql_query("UPDATE users SET ep=ep+".$battle_get23['ep']." WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());
$result5done = mysql_query("DELETE FROM user_pokemon WHERE id = '".$_SESSION['idpoke5']."'")
or die(mysql_error());
}
It's supposed to pretty much exchange the pokemon for points, it does it just fine. but I get the error for some reason afterwards.
Any help will be appreciated, thanks.
try this
$username = mysql_real_escape_string($_SESSION['username']);
$batleget = $battle_get23['ep'];
$result666 = mysql_query("UPDATE users SET ep=ep+CAST($batleget AS UNSIGNED)
WHERE username = '".$username."' ")
or this
$username = mysql_real_escape_string($_SESSION['username']);
$batleget = $battle_get23['ep'];
$result666 = mysql_query("UPDATE users SET ep=ep+ $batleget
WHERE username = '".$username."' ")
Hi there Im still trying to change to mysqli, and I just can get things to go right some times.
The biggest thing I have is the mysqli_result, ive tried what other people have done, and doesnt seem to work.
Here is the code below:
$result = mysqli_query($con, "SELECT referer FROM users WHERE userId = '$key'");
if(mysql_result($result, 0) != "" ){
$referer = mysql_result($result, 0);
$result = mysqli_query($con, "SELECT referer FROM users WHERE userId = $referer'");
if(mysql_result($result, 0) != "" ){
$result2 = mysqli_query($con, "SELECT refered FROM users WHERE userId = $referer'");
$newRefs = mysql_result($result2, 0) + 1;
mysqli_query($con, "UPDATE users SET refered = '$newRefs' WHERE userId = '$referer'");
$result3 = mysqli_query($con, "SELECT userName FROM users WHERE userId = '$key'");
$refered = mysql_result($result3, 0);
}
}
Help would be appreciated.
Kind Regards
Chad
You can't mix mysql_ and mysqli_ functions like that. Also, mysql_result is serious old school. There is no equivalent in mysqli (and that's a good thing). I switched to mysqli_fetch_assoc, which takes your query and returns an associative array with the field names as keys. I kept it all procedural for the sake of uniformity (I hate mixing OOP with procedural). I should note that your code is horribly convoluted as written (for instance $key isn't defined anywhere). It's better to avoid reusing variable named like you have. I also HIGHLY recommend switching to an all-object codebase.
$result = mysqli_query($con, "SELECT referer FROM users WHERE userId = '$key'");
if($row = mysqli_fetch_assoc($result)){
$result2 = mysqli_query($con, "SELECT referer FROM users WHERE userId = '" . $row['referer'] . "'");
if($row2 = mysqli_fetch_assoc($result2)){
$result3 = mysqli_query($con, "SELECT refered FROM users WHERE userId = '" . $row2['referer'] . "'");
$newRefs = mysqli_fetch_assoc($result3);
mysqli_query($con, "UPDATE users SET refered = '" . $newRefs['refered'] . "' WHERE userId = '" . $row['referer'] . "'");
$result4 = mysqli_query($con, "SELECT userName FROM users WHERE userId = '$key'");
$refered = mysqli_fetch_assoc($result4);
}
}
You cannot use mysql_result!
Try to do it like this:
$result = mysqli_query($con, "SELECT referer FROM users WHERE userId = '$key'");
if( mysqli_num_rows($result, 0) ) {
list($referer) = mysqli_fetch_row($result);
....
You can use object oriented style:
$Result = $Con->query("SELECT referer FROM users WHERE userId = '$key'");
if( $Result->num_rows ) {
list($referer) = $Result->fetch_row();
If you're in the process of switching, you should go straight to PDO, not mysqli.
mysqli vs pdo - stackoverflow
How do I get the outcome of
SELECT COUNT(user) FROM game_paths WHERE user = '$user'
to a PHP variable
I tried
mysql_num_rows
but it returns nothing.
You should use mysql_result and get the first column of the result. Like this:
$result = mysql_query("SELECT COUNT(user) FROM game_paths WHERE user='$user'");
$count = mysql_result($result, 0);
You can also alias the column like this:
$result = mysql_query("SELECT COUNT(user) AS total FROM game_paths WHERE user='$user'");
$data = mysql_fetch_assoc($result);
$count = $data['total'];
Which might be better if you're going to select several columns at the same time, and also for readability.
Try like this. you need to use mysql_fetch_assoc or mysql_fetch_array functions
$result = mysql_query(" SELECT COUNT(user) as total FROM game_paths WHERE user='$user' ");
$row = mysql_fetch_assoc($result);
echo $row['total'];
Or
$result = mysql_query(" SELECT COUNT(user) FROM game_paths WHERE user='$user' ");
$row = mysql_fetch_array($result);
echo $row[0];
Docs Link: http://us2.php.net/mysql_fetch_array
http://www.w3schools.com/php/func_mysql_fetch_array.asp
Note: mysql_* function are deprecated try to use mysqli or PDO
You can use the following code:
$result = mysql_query(" SELECT COUNT(user) FROM game_paths WHERE user='$user' ");
$row = mysql_fetch_array($result);
$count= $row[0];
or
$result = mysql_query("SELECT * FROM game_paths WHERE user='$user'");
$count=mysql_num_rows($result);
This will return the number of rows satisying the condition.
Hey friend Try this code, ithink this will solve your problem
<?php
$con=mysql_connect('hostname','DBusername','paassword');
mysql_select_db('Db_name',$conn);
$query="SELECT COUNT(user) as total FROM game_paths WHERE user='$user'";
$result=mysql_query($query,$con);
$row=mysql_fetch_array($result);
echo $row['total'];
?>
$result = mysqli_query("SELECT COUNT(user) AS user_count FROM game_paths WHERE user='$user'");
$result_array = mysql_fetch_assoc($result);
$user_count=$result_array['user_count'];
Please use mysqli_ instead of mysql_ as its deprecated in the new version
How do I select a value from a database where username is based on the session?
This is what I have so far:
$query = mysql_query ("select id from CUSTOMER where username = .$_SESSION['username'] ");
If username is in session cookie then grab the username like this
$username = $_SESSION['username'];
$escuname = mysql_real_escape_string($username);
$query = mysql_query("select id from CUSTOMER where username = '".$escuname."' LIMIT 1");
$query = mysql_query("select id from CUSTOMER where username = '".$_SESSION['username']."'");
Session variable in your query wasn't parsed properly. You could fix it using curly bracers syntax:
$query = mysql_query( "select id from CUSTOMER where username = '{$_SESSION[ "username" ]}'" );
or concatenate it using dot operator:
$query = mysql_query ( "select id from CUSTOMER where username = '" . $_SESSION[ "username" ] . "'" );
You can find more about parsing strings in PHP manual.