I have this PHP code which another user on the site was helpful enough to give to me. It is trying to match entries in a database to what the user supplied in a form, and echoing out the picture(s) that match those specifications.
(I define my database info in the first 4 lines, but this site doesn't want to write them out)
// Errors
$error = array();
if (!isset($_POST['submit']))
$error[] = "The form was not set.<br />";
// Here we check if each of the variable are set and have content
if (!isset($_POST['gender']) || strlen($_POST['gender']) == 0)
$error[] = "You must fill the gender field.<br />";
if (!isset($_POST['hair']) || strlen($_POST['hair']) == 0)
$error[] = "You must fill the hair field.<br />";
if (!isset($_POST['height']) || strlen($_POST['height']) == 0)
$error[] = "You must fill the height field.<br />";
if (!isset($_POST['body']) || strlen($_POST['body']) == 0)
$error[] = "You must fill the body field.<br />";
if (empty($error))
{
$con = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
if ($con->connect_error)
die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
// Here we prepare your query and make sure it is alright
$sql = "SELECT * FROM `table` WHERE gender=? AND hair=? AND height=? AND body=?";
if (!$stmt = $con->prepare($sql))
die('Query failed: (' . $con->errno . ') ' . $con->error);
// Here we define the field types with 'ssss' which means string, string, string, string
// and also set the fields values
if (!$stmt->bind_param('ssss', $_POST['gender'], $_POST['hair'], $_POST['height'], $_POST['body']))
die('Binding parameters failed: (' . $stmt->errno . ') ' . $stmt->error);
// Now we finally execute the query
// and if it fails we will know
if (!$stmt->execute())
die('Execute failed: (' . $stmt->errno . ') ' . $stmt->error);
// Now we read the data
while ($row = $stmt->fetch_object())
{
$pic = $row->picture;
echo $row->picture, "\n";
}
$stmt->close();
$con->close();
}
else
{
echo "Following error occurred:<br />";
foreach ($error as $value)
{
echo $value;
}
}
?>
I am getting this error message on line 48
Fatal error: Call to undefined method mysqli_stmt::fetch_object() in /home/content/...
which is this line of code:
// Now we read the data
while ($row = $stmt->fetch_object())
You can't fetch the results from a mysqli_stmt object directly. First use get_result to get a mysqli_result object, then use fetch_object on that:
$result = $stmt->get_result();
while ($row = $result->fetch_object())
Note that that only works if you have mysqlnd installed; if not, see the bind_result and fetch methods for a less convenient (but more compatible) approach.
Related
I am a bit lost with my prepared statement. My goal is to read a simple small csv file (100 lines and about 10 columns) into a mysql database.
Since I couldn't get that to work I simplified the mysql table to one column for now (OrderUuid). In the first part of the code I hardcoded a test value for my OrderUuid variable, which gets added to mysql fine. However, when I take the column value from the csv file (line[0]), nothing (an empty string I think) gets added to the db table.
Here is my code:
while(($line = fgetcsv($csvFile)) !== FALSE){
//This works!
$OrderUuid = "Test";
$insertQry2 = $conn->prepare("INSERT INTO orders_test (OrderUuid) VALUES (?)");
$insertQry2->bind_param("s", $OrderUuid);
if(!$insertQry2->execute()){trigger_error("there was an error....".$conn->error, E_USER_WARNING);}
//This doesn't
$OrderUuid = $line[0];
echo $OrderUuid."<br>"; //Returns something like: d17e91d5-63b9-4a56-a413-3274057073c7
$insertQry3 = $conn->prepare("INSERT INTO orders_test (OrderUuid) VALUES (?)");
$insertQry3->bind_param("s", $OrderUuid);
if(!$insertQry3->execute()){trigger_error("there was an error....".$conn->error, E_USER_WARNING);}
}
Any help would be appreciated!
Thanks!
Norm
EDIT 1:
Thanks for all the tips guys! I rewrote the code, but unfortunately the script is still inserting empty strings into my table. There are no error messages whatsoever.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$flag = true;
$data = array();
while(($line = fgetcsv($csvFile)) !== FALSE){
if($flag) { $flag = false; continue; }
$data[] = $line;
}
if (!($stmt = $conn->prepare("INSERT INTO orders_test (OrderUuid) VALUES (?)"))) {
echo "Prepare failed: (" . $conn->errno . ") " . $conn->error;
}
if (!$stmt->bind_param("s", $data[0][0])) {
echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
if (!$stmt->execute()) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
foreach($data as $dat) {
if (!$stmt->execute()) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
}
Here is my super simple table:
CREATE TABLE orders_test (
OrderUuid varchar(500) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
For anyone that is interested, it was actually super simple in the end. The file contained some letters that the database interpreted as lots of line breaks I think. Therefore applying strip_tags did the trick.
I found out earlier today that I am quite behind with using prepared statements. I tried to make a prepared statement to get some data out from my database.
I would like to print all the rows in my database, but I am not quite sure how to do that in my while loop?
<?php
/* Prepare */
if ($stmt = $mysqli->prepare("SELECT * FROM stores")) {
echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
/* Bind and execute */
$id = null;
$headline = null;
$description = null;
$place = null;
if (!$stmt->bind_param("i", $id, "s", $headline, "s", $description, "s", $place)) {
echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
if (!$stmt->execute()) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
while ($stmt->fetch()) {
/* Loop through my rows in MySQL and print all rows*/
echo $id, $headline, $description,$place;
}
/* Close Statement */
$stmt->close();
/* Close Connection */
$mysqli->close();
?>
if (!$stmt->bind_param("isss", $id, $headline, $description, $place))
{
echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
You'll want to do that. As #Fred-ii said in the comments. You've got the syntax wrong.
How it works is that the first parameter of bind_param is all your data types as one string, then you list your data afterwards. Ensure that you use the right data type and the right amount of parameters.
Update
Having inspected your code further, I realise you haven't used prepare correctly. I'll include a demonstration below so you can use it as a guide.
$stmt = $mysqli->prepare("SELECT * FROM myTable WHERE id = ? AND name = ?");
if (!$stmt->bind_param("is", $id, $name))
{
echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
if (!$stmt->execute())
{
echo "Execution failed: (" . $stmt->errno . ") " . $stmt->error;
}
The question marks delineate each variable. This means that you put a ? where you want a variable to go.
Then you use bind_param to list your data types (as stated above) with your variables or data following.
Update 2
$errors = array(); // store errors here
$stmt = $mysqli->prepare("SELECT name FROM myTable WHERE id = ?"); // prepare our statement
// check that our parameters match, if not then add error
if (!$stmt->bind_param("i", $id))
{
array_push($errors, "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error);
}
// if no errors and statement fails to run
if (count($errors) <= 0 && !$stmt->execute())
{
array_push($errors, "Execution failed: (" . $stmt->errno . ") " . $stmt->error);
}
// no statement errors
if (count($errors) <= 0)
{
$stmt->bind_result($name); // store the results of the statement in this variable
// iterate through each row of the database
while ($stmt->fetch())
{
echo $name;
}
}
// report the errors
else
{
echo "<h3>Errors</h3>";
foreach ($errors as $error)
{
echo "<p>$error</p>";
}
}
$errors = array()
Here I create an array that will hold all of our error messages.
array_push($errors, "...")
The array_push function will add a variable to the array in the syntax of array_push($array, $var) where $array is the array that will have items added, and $var is the item you want to add.
I use this so that I can add errors in a neat way, that can be later iterated.
count($errors)
The count function will count the number of elements in an array.
I use this to see if any errors have been added to the array. When I initialise $errors there are no elements in it so it will return 0.
$stmt->bind_result($name)
This is written outside of the while loop since it is used to tell the statement that we want to store all of the column name inside this variable named $name.
while ($stmt->fetch())
This will iterate through each row in the database. Each iteration of the while loop will be one row of the database. In my example, I simply echoed the value for the name column.
It is possible to store more than one column. Just add the column in the SQL query (SELECT col1, col2, col3 FROM mytable) and then store each column in a variable in bind_result ($stmt->bind_result($col1, $col2, $col3);). Note that they do not have to be the same name as the column; this is also valid: $stmt->bind_result($myVar, $someVar, $anotherVar);
foreach ($errors as $error)
foreach takes an array and iterates through it, storing each iteration in the variable following as.
In this instance we have errors stored in an array named $errors, and we store each one in $error and write it in a paragraph tag.
I am currently trying to update an image on the database. The file information is being carried over, however I am getting the 'Warning: mysql_query() expects parameter 1 to be string, resource given in ' . Here's my code.
$size = $_FILES['file']['size'] ;
$type = $_FILES['file']['type'];
$tmp_name = $_FILES['file']['tmp_name'];
$name = $_FILES['file']['name'];
mysql_select_db($database_fot, $fot);
$image = addslashes(fread(fopen($tmp_name, "rb"),$size));
$qry = "UPDATE film SET (image)" . " VALUES ('$image')";
$result=mysql_query($qry) or die(mysql_error());
I keep getting the error 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(image) VALUES ('ÿØÿà\0JFIF\0\0\0\0\0\0ÿÛ\0„\0 ' at line 1'
try this maybe it will work
$con = mysqli_connect("hostname", "username", "password" ,"database") or die("Could not connect database"); //the connection line
$query=mysqli_query($con,'UPDATE film SET image="'.$image.'"')or trigger_error(mysqli_error($con)); ///where $con is the mysqli_connect variable
Note: you should use mysqli instead of mysql because mysql is no longer valid with newer mysql databases
you should insert a link to the image instead of the image itself in the database
Use this script.
<?php
ini_set('display_errors', 'On');
ini_set('display_startup_errors', 'On');
error_reporting(E_ALL);
$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
$errorinfo = $_FILES['file']["error"];
$filename = $_FILES['file']["name"];
$tmpfile = $_FILES['file']["tmp_name"];
$filesize = $_FILES['file']["size"];
// 'type' is the MIME type reported by the browser; PHP does not verify it
$filetype = $_FILES['file']["type"];
if (!($filetype == "image/jpeg" && $filesize > 0)) {
echo "Import of photo failed";
}
if ($filetype == "image/jpeg" && $filesize > 0 && $filesize < 1048576) {
echo "Import of photo success";
if (!($stmt=$mysqli->prepare("INSERT INTO film (image) VALUE (?)"))) {
echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error;
}
$null = NULL;
// "b" declares a blob parameter; the data itself is streamed by send_long_data()
if (!$stmt->bind_param("b", $null)) {
echo "Binding parameters failed: (" . $stmt->errno .") " . $stmt->error;
}
// The upload is in the temporary file from $_FILES, not in $_POST
if (!$stmt->send_long_data(0, file_get_contents($tmpfile))) {
echo "Did not get contents";
}
if (!$stmt->execute()) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
else {
printf("%d row inserted.<br/>", $stmt->affected_rows);
}
// Close the statement here, where it is known to exist
$stmt->close();
}
else {
echo "Image must be under 1 MB";
}
$mysqli->close();
?>
I have read everything I can think of to get an explanation but nothing seems to help. If someone might be able to point out the obvious or give me a slight idea of what is wrong. I have read through php.net and the mysqli tag and can't seem to figure this out. Everything I read says you can't send two queries but I am only trying one. Any help would be much appreciated.
This->https://stackoverflow.com/a/9649149/1626329 - States that maybe I have multiple result sets but I am not sure that makes much sense or what I can do to get more detail on the inner workings of prepared statements.
My Code:
class mydb {
public function __construct() {
// Connect to Database
$this->mydb = new mysqli('****', '***', '***', '***');
if ($this->mydb->connect_errno) { // Error on connection failure
echo "Failed to connect to MySQL in Construct: (" . $this->mydb->connect_errno . ") " . $this->mydb->connect_error;
}
}
public function choose ($select, $from, $config = 0, $options = NULL) {
if ($config === 0) { /** Configure statement for prepare depending on options */
$stmt = 'SELECT ' . $select . ' FROM ' . $from;
} elseif ($config === 1) {
$stmt = 'SELECT ' . $select . ' FROM ' . $from . ' WHERE ' . $options['where_comp'] . ' LIKE ?';
} elseif ($config === 2) {
$stmt = 'SELECT ' . $select . ' FROM ' . $from . ' WHERE ' . $options['where_comp'] . ' = ?';
} /** End if/elseif Prepare statement */
$mydb = $this->mydb->prepare($stmt);
if ($config === 1 || $config === 2) {
$mydb->bind_param("s",$options['where_value']);
}
if ($mydb->execute()) { /** If execute is good then get results */
$result = $mydb->get_result();
$payload = array();
while ($row = $result->fetch_array(MYSQLI_NUM)) {
$payload[] = $row;
}
return $payload;
} /** End if results */
} /** End choose class method */
} /** End mydb Class */
$myDB = new mydb();
$agentArray = $myDB->choose('*','`agent`');
Used the php.net example and modified it to show a better example:
$mysqli = new mysqli('host', 'user', 'pass', 'database');
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
if (!($stmt = $mysqli->prepare("SELECT ? FROM ?"))) {
echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
if (!$stmt->execute()) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
if (!($res = $stmt->get_result())) {
echo "Getting result set failed: (" . $stmt->errno . ") " . $stmt->error;
}
for ($row_no = ($res->num_rows - 1); $row_no >= 0; $row_no--) {
$res->data_seek($row_no);
var_dump($res->fetch_assoc());
}
$res->close();
The very first result from the "Related" section on this page (meaning it was offered to you while you were struggling to write your question) offers a solution.
As a general rule, it is quite easy to find an answer to a question based on the error message. All you need is not to stop at the very first search result but to proceed a bit further.
However, on this function choose() of yours. I find it quite impractical, unsafe, and useless:
impractical because it doesn't let you use SQL, but only a very limited subset of it.
and also it makes your code extremely hard to understand.
unsafe because it offers no protection for any of the dynamic parts except the where value
useless because it doesn't save you enough to be worth the mess.
Look, you think you saved yourself 2 words - SELECT and FROM.
$agentArray = $myDB->choose('*','`agent`',1,
array('where_comp' => 'name', 'where_value' => "%bob%"));
yet you made this code hard to understand, hard to maintain and unable to run even the simplest JOIN. Why not to make it. Not to mention that the actual code becomes longer than a conventional SQL query:
$sql = 'SELECT * FROM `agent` WHERE name LIKE ?';
$agentArray = $myDB->query($sql, "%bob%");
which one is easier to read?
Adding an if statement to show the error correctly actually gives a mysql error response that can be used:
if (!($stmt = $mysqli->prepare("SELECT ? FROM ?"))) {
echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
Error response:
Prepare failed: (1064) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 1
-- You can't pass identifiers through prepared-statements and you should only use it for values passed from user input.
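Since identifiers cannot be bound, a helper like choose() that accepts table and column names has to validate them itself. The sketch below is an added example, not code from any of the posts: identifiers are checked against a fixed allowlist and only the value is bound. The ALLOWED contents and the function signatures are assumptions for illustration.

```php
<?php
// Added example, not from the thread. The column names in ALLOWED are
// assumptions; only the `agent` table and `name` column appear on the page.
const ALLOWED = [
    'agent' => ['id', 'name', 'email'],
];

// Build the SQL text from allowlisted identifiers only; the value stays a "?".
function build_select(string $table, array $columns, ?string $whereCol = null, string $op = '='): string
{
    $allowedCols = ALLOWED[$table] ?? null;
    if ($allowedCols === null) {
        throw new InvalidArgumentException("Table not allowed: $table");
    }
    $check = $whereCol === null ? $columns : array_merge($columns, [$whereCol]);
    foreach ($check as $col) {
        if (!in_array($col, $allowedCols, true)) {
            throw new InvalidArgumentException("Column not allowed: $col");
        }
    }
    if (!in_array($op, ['=', 'LIKE'], true)) {
        throw new InvalidArgumentException("Operator not allowed: $op");
    }
    $list = $columns ? '`' . implode('`, `', $columns) . '`' : '*';
    $sql = "SELECT $list FROM `$table`";
    if ($whereCol !== null) {
        $sql .= " WHERE `$whereCol` $op ?";
    }
    return $sql;
}

// Run the query: identifiers were validated above, the value is bound.
function choose(mysqli $db, string $table, array $columns, ?string $whereCol = null, string $op = '=', ?string $value = null): array
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on failure
    $stmt = $db->prepare(build_select($table, $columns, $whereCol, $op));
    if ($whereCol !== null) {
        $stmt->bind_param('s', $value);
    }
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_NUM); // needs mysqlnd
    $stmt->close();
    return $rows;
}

// Offline check of the builder with constructed inputs (no database needed).
echo build_select('agent', ['id', 'name'], 'name', 'LIKE'), "\n";
try {
    build_select('agent', ['name'], 'name OR 1=1'); // constructed hostile column name
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```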
I am trying to use mysqli functions but I get this error:
Fatal error: Call to undefined method mysqli::num_rows() in C:\AppServ\www\edu\files\header.php on line 19
I tried to go to php.ini and remove ; from extension=php_mysqli.dll
I found it already removed
I tried to restart Apache;
the connection file:
// db username
define("USERNAME","root");
// db password
define("PASSWORD","root");
// db servername
define("SERVERNAME","localhost");
// db name
define("NAME","edu");
//connect to db
$mysqli = new mysqli(SERVERNAME,USERNAME,PASSWORD,NAME);
if ($mysqli->connect_errno) {
echo $cannot_connect;
}
//select db encoding
$mysqli->set_charset('utf8');
calling function in a file:
$sql = $mysqli->query("SELECT VALUE FROM SITE_CONFIG WHERE CONF='KEYWORDS'");
if (!$sql) {
echo "Failed to run query: (" . $mysqli->errno . ") " . $mysqli->error;
}
if($mysqli->num_rows($sql) > 0){
while($rs = $sql->fetch_assoc()){
$keyw = $rs['VALUE'];
}
}else{
$keyw = $no_data;
}
note : I included connection.php
Try:
$sql = $mysqli->query("SELECT VALUE FROM SITE_CONFIG WHERE CONF='KEYWORDS'");
if (!$sql) {
echo "Failed to run query: (" . $mysqli->errno . ") " . $mysqli->error;
} else {
if($sql->num_rows > 0){// here must be $sql , not $mysqli
while($rs = $sql->fetch_assoc()){
echo $rs['VALUE'];
}
} else{
echo "No data";
}
}