MySQL query not working after adding AND operator - php

I'm pretty sure I messed up the quotes, but can't find where exactly. It stopped working after adding the AND operator. Can anybody guide me in the right direction?
$result = mysql_query("SELECT * FROM pl_table WHERE p_num=".$w[0] AND l_num='.$w[0]);

Try this:
$result = mysql_query("SELECT * FROM pl_table WHERE p_num='".
$w[0]."' AND l_num='".$w[0]."'"
);
Basically, you messed up w/ opening/closing quotes.
What error message did PHP return to you? Most of the time, if not always, your solution lies therein.

You broke your query string. See this difference
$result = mysql_query(
"SELECT * FROM pl_table
WHERE p_num='".$w[0]."'
AND l_num='".$w[0]."'");

It is the quotes, your AND needs to be inside the quotes, and it is not.
Yours:
$result = mysql_query("SELECT * FROM pl_table WHERE p_num=".$w[0] AND l_num='.$w[0]);
What it should be:
$result = mysql_query("SELECT * FROM pl_table WHERE p_num=".$w[0]." AND l_num=".$w[0]);

Related

php mysqli will not get results

I can't really find the answer to this anywhere as it's quite unique to my situation.
I have the following code
$accountid = "%%GLOBAL_accountcustomer%%";
echo $accountid;
$results = $mysqli->query("SELECT * FROM exhibitor_list WHERE companyid='$accountid' ");
When I echo $accountid I get the right id from the database (in this case number 1).
But when trying to use $accountid in the WHERE query it displays nothing.
If I manually change the WHERE query to
WHERE companyid='1'
It displays the row I want to display.
I have also tried stripping $accountid of any whitespace to see if it helps but it doesn't.
Any help appreciated
In your question
but when trying to use $accountid in the WHERE query it displays nothing.
Simply it means No Data passing to this $accountid
so if $accountid is empty below query will not work
$results = $mysqli->query("SELECT * FROM exhibitor_list WHERE companyid='$accountid' ");
When you use the query function, it can't be easier to debug your SQL ;)
For example:
$sql = "SELECT * FROM exhibitor_list WHERE companyid='$accountid' ";
// $results = $mysqli->query($sql);
echo $sql; die();
And you have your error. You don't parse %%GLOBAL_accountcustomer%% so don't use it.

small php fetch query with "WHERE" issue

$u_ress = mysql_query("SELECT * FROM `blackjack` WHERE `brukernavn`='$spiller->brukernavn' AND `by`='$by'");
$bj = mysql_fetch_object($qry);
This code won't work. It will only show my $by, but it's not what I want. I want it to get from blackjack where brukernavn is (as it said) AND from by as well.
How can I do this?
SELECT * FROM blackjack WHERE brukernavn='{$spiller->brukernavn}' AND by='$by'
Notice when doing advanced variables within the string you must use brackets.
Try below code,
echo "Query:=".$u_ress = ("SELECT * FROM blackjack WHERE `brukernavn` ='{$spiller->brukernavn}' AND `by` ='$by'");
$query = mysql_query($u_ress);
//$bj = mysql_fetch_object($query);
mysql_query is not recommended.

What is the error in the below Query?

I have written the below query in Drupal6.
$sql =
"SELECT registryvalue
FROM {muln_registry}
WHERE fk_applicationid = %d
AND registrykey = '%s'";
$result = db_result(db_query($sql, 32, 'SHOW_SCORE_TO_STUDENT'));
It is supposed to return the value 1. But it is not displaying anything. If I copy and run it in the MySQL editor, it returns correctly.
But now it gives empty. No error in database connections etc. Because other queries are running perfectly.
What could be the error here?
All I can see is that the error is because of {}
should be
$sql = "SELECT registryvalue FROM muln_registry WHERE fk_applicationid = %d AND registrykey = '%s'";
Try a
echo '<pre>';
var_dump(db_query($sql, 32, 'SHOW_SCORE_TO_STUDENT'));
echo '</pre>';
And see what data is in the handle. This may give you a better idea of what is going wrong. My suggestion is to switch to PDO but I know that is not going to be a valid option when a system already uses a different DB mechanism.
If 'SHOW_SCORE_TO_STUDENT' is the same every time why not use:
$sql = "SELECT registryvalue FROM {muln_registry} WHERE fk_applicationid = '%d' AND registrykey = 'SHOW_SCORE_TO_STUDENT'";
Also you have ' ' around the second parameter but not the first one, not sure if that might be the problem?
You should try the LIKE operator for searching a pattern. E.g.
WHERE column_name LIKE '%searchString' will search where record start with searchString.
For more information on Like you can search for it.
please use:
$sql = "SELECT registryvalue FROM muln_registry WHERE fk_applicationid = %d AND registrykey = '%s'";
instead of
$sql = "SELECT registryvalue FROM {muln_registry} WHERE fk_applicationid = %d AND registrykey = '%s'";
{} curly braces have been removed.

building a sql query string with php parameters

I'm trying to do this, but it returns null?
$query_1=$field_name[0]."='{".$field_value[0]."}'";
and then
getType = mysql_query("SELECT * FROM wines WHERE $query_1") or die(mysql_error());
while if i do like this:
$getType = mysql_query("SELECT * FROM wines WHERE $field_name[0]='{$field_value[0]}'") or die(mysql_error());
it works fine.
is this even possible, or am I missing something too obvious?
thank you in advance!
You are building it the wrong way. You should never use curly brackets (or any other string) in a SQL query. Concatenate your query instead.
Like this:
$query_1=$field_name[0]."='".$field_value[0]."'";
and oh, you missed a $ before your query, that's why it's null.
This works for me:
$field_name[0] = "test";
$field_value[0] = "someting";
$query_1=$field_name[0]."='".$field_value[0]."'";
// Print the assembled query ("echo (...) or die(...)" would print 1, not the string)
echo "SELECT * FROM wines WHERE $query_1";
Hope it helps

Using PHP variable inside a query

I am using a query inside PHP as:
$query = 'SELECT * from #__chronoforms_UploadAuthor where text_6 like "%'.$_GET['title'].'%" and text_7 like "%'.$_GET['author'].'%" limit 0,1';
Where I am trying to insert a PHP variable instead of 1 in the limit..
$query = 'SELECT * from #__chronoforms_UploadAuthor where text_6 like "%'.$_GET['title'].'%" and text_7 like "%'.$_GET['author'].'%" limit 0,"'.$_GET['limit'].'"';
but it shows me an error. There are some errors in keeping $_GET['limit'].
Three things:
1. The way you're writing out those queries is a bit hard to read. Personally I prefer using a multi-line heredoc syntax (as per below), but this isn't strictly required;
2. Any user input should go through mysql_real_escape_string() to avoid SQL injection attacks. Note: "user input" includes anything that comes from the client including cookies, form fields (normal or hidden), query strings, etc.; and
3. You don't need to quote the second argument to the LIMIT clause, which is probably the source of your problem, meaning put LIMIT 0,5 not LIMIT 0,"5".
So try:
$title = mysql_real_escape_string($_GET['title']);
$author = mysql_real_escape_string($_GET['author']);
$limit = (int)$_GET['limit'];
$query = <<<END
SELECT *
FROM #__chronoforms_UploadAuthor
WHERE text_6 LIKE "$title%"
AND text_7 LIKE "%$author%"
LIMIT 0,$limit
END;
Also, one commentor noted that % and _ should be escaped. That may or may not be true. Many applications allow the user to enter wildcards. If that's the case then you shouldn't escape them. If you must escape them then process them:
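$title = like_escape($title);
function like_escape($str) {
// Add a backslash before any % or _ that is not already escaped,
// i.e. one preceded by an even number of backslashes.
return preg_replace('/(?<!\\\\)((?:\\\\\\\\)*)([%_])/', '$1\\\\$2', $str);
}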
That somewhat complicated regular expression is trying to stop someone putting in '\%' and getting '\\%', which then escapes the backslash but not the '%'.
The hash sign (#) starts a comment in SQL, which looks like your problem
What a bunch of awful answers!
a. To solve the limit problem:
$limit = intval($_GET['limit']);
and then
...LIMIT 0, $limit
in the query.
b. To sanitize $_GET['title'], as many mentioned:
$title = mysql_real_escape_string($_GET['title']);
So the final code must be
$limit=intval($_GET['limit']);
$title = mysql_real_escape_string($_GET['title']);
$author = mysql_real_escape_string($_GET['author']);
$query = "SELECT * from #__chronoforms_UploadAuthor
WHERE text_6 like '$title' and text_7 like '%$author%'
LIMIT 0, $limit";
You've enclosed the $_GET['limit'] in double-quotes, which is the source of the problem.
Try this:
$query = 'SELECT * from #__chronoforms_UploadAuthor where text_6 like "%'.$_GET['title'].'%" and text_7 like "%'.$_GET['author'].'%" limit 0,'.$_GET['limit'];
Also as Cletus mentions in this answer, there are many, more serious problems you need to resolve.
Remove the double-quotes around $_GET['limit']. The two numbers that the LIMIT clause takes should not be quoted.
This should work:
$query = 'SELECT * from #__chronoforms_UploadAuthor where text_6 like "%'.$_GET['title'].'%" and text_7 like "%'.$_GET['author'].'%" limit 0,'.$_GET['limit'];
But you really should filter incoming data...
$query = 'SELECT * from #__chronoforms_UploadAuthor where text_6 like "%'.mysql_real_escape_string($_GET['title']).'%" and text_7 like "%'.mysql_real_escape_string($_GET['author']).'%" limit 0,'.intval($_GET['limit']);
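
The escaping and integer-cast advice in the answers above, taken one step further with bound parameters so that no quote juggling is left in the query string; this is an added example, not code from any of the posts. It assumes PDO with an in-memory SQLite database standing in for MySQL so it runs offline; the table `upload_author`, its rows, and the helpers `like_literal` and `find_uploads` are hypothetical, and `!` is chosen as the LIKE escape character because the `ESCAPE '!'` clause reads the same in both databases.

```php
<?php
// Added example: sqlite::memory: stands in for MySQL so the script runs offline.
// Table name and rows are constructed; text_6/text_7 come from the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE upload_author (id INTEGER PRIMARY KEY, text_6 TEXT, text_7 TEXT)');
$ins = $pdo->prepare('INSERT INTO upload_author (text_6, text_7) VALUES (?, ?)');
foreach ([['100% PHP', 'Ann'], ['1000 PHP tips', 'Ann'], ["O'Reilly notes", 'Bob']] as $row) {
    $ins->execute($row);
}

// Escape LIKE metacharacters so user text matches literally. '!' is the
// escape character named in the ESCAPE clause below, so it is escaped too.
function like_literal(string $s): string
{
    return strtr($s, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

function find_uploads(PDO $pdo, string $title, string $author, $limit): array
{
    // LIMIT takes a bare integer: validate and clamp it, then bind it as an int.
    $limit = filter_var($limit, FILTER_VALIDATE_INT,
        ['options' => ['default' => 1, 'min_range' => 1, 'max_range' => 100]]);

    $stmt = $pdo->prepare(
        "SELECT id, text_6, text_7 FROM upload_author
         WHERE text_6 LIKE :title ESCAPE '!'
           AND text_7 LIKE :author ESCAPE '!'
         LIMIT :lim"
    );
    $stmt->bindValue(':title', '%' . like_literal($title) . '%');
    $stmt->bindValue(':author', '%' . like_literal($author) . '%');
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_GET['title'], $_GET['author'], $_GET['limit'].
$cases = [
    ['0% P', 'Ann', '5'],            // literal %: matches only "100% PHP"
    ["O'Reilly", 'Bob', '1'],        // embedded quote needs no manual escaping
    ["x' OR '1'='1", '', '5 OR 1'],  // treated as data: no rows, limit falls back to 1
];
foreach ($cases as [$t, $a, $l]) {
    printf("%-16s -> %d row(s)\n", $t, count(find_uploads($pdo, $t, $a, $l)));
}
```

Binding the limit with `PDO::PARAM_INT` matters on MySQL: with emulated prepares a string-bound value is quoted, which reproduces the `LIMIT 0,"5"` error from the question.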
