inserting selected row mysql - php

I would like to use the row that I have selected and echoed to insert to a table again.
So what I want is row to_user. how should I define $to_user to get to_user row?
$to_user = $row['to_user']; //this gives me undefined variable error
$stmt = $mydb->prepare("insert into `messages`(`to_user`) values(?)");
echo $mydb->error;
$stmt->bind_param('s', $to_user);
$stmt->execute();
$stmt = $mydb->prepare("SELECT * FROM messages where id = ? ");
$stmt->bind_param('s', $id);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
echo $row['to_user'];}


$row['to_user'];
$stmt = $mydb->prepare("insert into `messages`(`to_user`) values(?)");
echo $mydb->error;
$stmt->bind_param('s', $row['tu_user']);
$stmt->execute();
//get the last inserted id and store it in a var
$lastInserted = $mydb->lastInsertId();
$stmt = $mydb->prepare("SELECT * FROM messages where id = ? ");
$stmt->bind_param('s', $lastInserted);
$stmt->execute();
$result = $stmt->get_result();
//for testing
//print_r($result);
// echo $result;
while ($row = $result->fetch_assoc()) {
echo $row['to_user'];}

Related

mysqli_real_escape_string with mysqli_num_rows in php

My problem count sql .
<input name='d_n[]'>
<input name='d_n[]'>
php page
post value Adam's
foreach($ds_director as $key => $director){
// my problem here //
$DnumSql = "SELECT * FROM list WHERE ds_name = ?";
$stmt = $con -> prepare($DnumSql);
$stmt -> bind_param('s',$director);
$stmt -> execute();
$Dnum = $stmt->num_rows;
echo "$Dnum"; // result again '0'
/////////////
if($Dnum == 0){
$director_sql = mysqli_real_escape_string($con,ucwords($director));
$Dsql = "INSERT INTO movie_ds (ds_m_name, ds_name, ds_status) VALUES ('$director_sql', '$m_name', 'yönetmen')";
$Dquery = mysqli_query($con,$Dsql);
if($Dquery){
echo "<p style='color:green'>good</p>";
}else{
echo mysqli_error($con);
}
}else{
echo "<p style='color:red;'>not save</p>";
}
}
Because of this problem the same value is recorded
UPDATE PROBLEM editted = array input

Better to use prepare statement for this. It will automatically escape your string and prevent from sql injection
$sql = 'SELECT * FROM list WHERE d_n =?';
$stmt =$con->prepare($sql);
$stmt->bind_param('s', $_POST['d_n']);
$stmt->execute();
$numrows = $stmt->num_rows;

JsonArray return null value

Below is my php code:
public function getMainChatList($myPhoneNo){
$stmt = $this->conn->prepare("SELECT receiverPhoneNo,name FROM users,friend WHERE users.phoneNo=friend.receiverPhoneNo AND senderPhoneNo=? AND chatted = 'y' ORDER BY update_time DESC");
$stmt->bind_param("s", $myPhoneNo);
$stmt->execute();
$stmt->store_result();
$result = array();
while($row = $stmt->fetch()){
array_push($result,array('receiverPhoneNo'=>$row['receiverPhoneNo'],'name'=>$row['name'],));
}
//echo json_encode(array("result"=>$result));
echo json_encode($result);
echo json_last_error();
$stmt->close();
}
And the json return
[{"receiverPhoneNo":null,"name":null},{"receiverPhoneNo":null,"name":null}]0
json_last_error() returns 0. I have no idea why it return null.
And I execute the sql statement on xampp MySQL server directly.
Below is the result.
result.jpg
Thanks!

Just use bind_result() instead:
public function getMainChatList($myPhoneNo)
{
$stmt = $this->conn->prepare("
SELECT receiverPhoneNo, name FROM users, friend
WHERE users.phoneNo = friend.receiverPhoneNo
AND senderPhoneNo = ?
AND chatted = 'y'
ORDER BY update_time DESC
");
$stmt->bind_param('s', $myPhoneNo);
$stmt->execute();
// bind
$stmt->bind_result($receiverPhoneNo, $name);
$result = array();
while($stmt->fetch()){
$result[] = array(
'receiverPhoneNo' => $receiverPhoneNo,
'name' => $name,
);
}
echo json_encode($result);
}

this should put the associative array from the entire query directly into your $result array
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);

Logic in while-statement

For a search I am using this code snippet:
$stmt = $dbh->prepare('SELECT id,username FROM `users` WHERE `username` LIKE :keyword');
$keyword = "%".$data."%";
$stmt->bindParam(':keyword', $keyword, PDO::PARAM_STR);
$stmt->execute();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$row_array['id'] = $row['id'];
$row_array['user'] = utf8_encode($row['username']);
array_push($return_arr,$row_array);
}
Instead of getting only those value´s which are "LIKE keyword", I get every result from my table "users", why is this happening?

You should check if $data is empty before preparing the query:
if(!empty($data) && is_string($data)){
$stmt = $dbh->prepare('SELECT id,username FROM `users` WHERE `username` LIKE :keyword');
$keyword = "%".$data."%";
$stmt->bindParam(':keyword', $keyword, PDO::PARAM_STR);
$stmt->execute();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$row_array['id'] = $row['id'];
$row_array['user'] = utf8_encode($row['username']);
array_push($return_arr,$row_array);
}
} else {
// Do something else
}

how do i fetch_* rows after calling mysqli_stmt_store_result?

<?php
$stmt = $mysqli->prepare("SELECT * FROM test WHERE dataStr = ? LIMIT 20");
$stmt->bind_param("s", $search);
$stmt->execute();
$stmt->store_result();
echo "rows are " . $stmt->num_rows;
$rs = $stmt->get_result();
while($r = $rs->fetch_object()) print_r($r);
?>
When I call $stmt->store_result() to let $stmt->num_rows work, the subsequent call of $stmt->get_result() returns FALSE. If I comment the store_result() row, everything works fine (except of course num_rows)
How can I access the mysqli_result class instance, and its fetch_array(), fetch_assoc(), fetch_object() methods after I called $stmt->store_result() ?

Try this,
<?php
$stmt = $mysqli->prepare("SELECT * FROM test WHERE dataStr = ? LIMIT 20");
$stmt->bind_param("s", $search);
$stmt->execute();
$stmt->store_result();
echo "rows are " . $stmt->num_rows;
$result = $stmt->get_result();
while ($row = $result->fetch_assoc())
{
echo 'ID: '.$row['id'].'<br>';
}
$stmt->free_result();
?>

Is my PDO ECHO and RETURN statements correct?

I was wondering why I am receiving syntax errors on lines 9 and 16 from my PHP/PDO coding.
My code is as follows:
<?php
// Sandbox Functions
// PDO example
function get_page($dbc, $pg) {
$sql = "SELECT * FROM pages WHERE page = '$pg' AND status = 1 LIMIT 1";
$stmt = $dbc->prepare($sql);
$stmt->execute();
$row = $stmt->fetch()
echo '<h1>'.$page['title'].'</h1>';
echo '<div class="content">'.$page['body'].'</div>';}
function get_title($dbc, $pg) {
$sql = "SELECT title FROM pages WHERE page = '$pg' AND status = 1 LIMIT 1";
$stmt = $dbc->prepare($sql);
$stmt->execute();
$row = $stmt->fetch()
return $page['title'];}
?>

Put simicolon after that $stmt->fetch() like : $row = $stmt->fetch();

Missing semicolons...
<?php
// Sandbox Functions
// PDO example
function get_page($dbc, $pg) {
$sql = "SELECT * FROM pages WHERE page = '$pg' AND status = 1 LIMIT 1";
$stmt = $dbc->prepare($sql);
$stmt->execute();
$row = $stmt->fetch(); //missing ;
echo '<h1>'.$page['title'].'</h1>';
echo '<div class="content">'.$page['body'].'</div>';}
function get_title($dbc, $pg) {
$sql = "SELECT title FROM pages WHERE page = '$pg' AND status = 1 LIMIT 1";
$stmt = $dbc->prepare($sql);
$stmt->execute();
$row = $stmt->fetch(); //missing ;
return $page['title'];}

Your statement:
$row = $stmt->fetch()
Is not having a semicolon:
$row = $stmt->fetch();
Same on the line 16:
$row = $stmt->fetch()
To
$row = $stmt->fetch();

Categories