So, I'm writing an application in PHP and I'm trying to retrieve unique user data based on what they entered. Here is my code:
function hello($username123) {
// Connect to Database //
$host3 = "db";
$username3 = "db";
$password3 = "db";
$db3 = "db";
$con3 = mysqli_connect($host3,$username3,$password3,$db3) or die("Can not connect to Server.");
$student1name;
$query3 = mysqli_query($con3,"SELECT * FROM 'users' WHERE 'username' = '$username123' and '$student1name' = 'student1'");
return "$student1name";
}
So, the user enters there username which they registered earlier on and then I run a query where the username field is equal to the username variable (The input) and that the student1name variable is equal to the student1 field where the username is the same as the one entered. I then return the student1name variable. But when I test this all that returns is "". I can't figure out the problem
You must bind the result in a result array and access it like that, something like this should work:
return $query3["student1name"];
Would probably be more effective.
If you're only selecting ONE variable in your query then you can simply echo $query3.
It would also be more effective if you'd look into prepared statements.
Note that
$student1name
doesn't do anything since you never give it a proper value.
you are not fetching the results of the query, try something like this after your query..
$row = mysqli_fetch_array($query3, MYSQLI_ASSOC);
return $row['studentname'];
i'm assuming the student's name is in a column called studentname in your DB
PHP automatically replaces any variables you use inside a string to the value of that variable. For example, if $student1name = 'foo' then putting $student1name anywhere in your SELECT statement literally outputs you a string 'foo' in place of that variable. As far as the mysqli statement is concerned, you aren't using a PHP value, you are using a literal string 'foo'. Therefore, expecting your $student1name var to magically change based on the sql statement isn't going to happen.
To retrieve a column's value you will need to fetch the result rows after you perform the query:
if ($row = $query3->fetch_assoc()) {
return $row["student1"];
}
If you are expecting more than one result row, then you just need to call fetch_assoc() again for each row until it returns you nothing (marking the end of the result rows).
Related
My connection & sql queries have already been tested and they work. I am just trying to print one column of data into my browser for output so I can test the rest of the database. I am just trying to print one row and when I run the code, nothing shows up in the browser as output. The database column name is "type" and there is a "1" in there for the user I am logging in with. The login works but I am trying to read the integer in the database in order to direct it to a specific profile. I can't get anything to printout from my table into the browser.
$role = "SELECT type FROM fp.user WHERE usname ='$username' AND pswd = '$password'";
$access = mysqli_query($link, $role);
$row = mysqli_fetch_row($access);
echo $row['type'];
There may be a problem with your query. You should check to see if $access is first false (Which would indicate a query failure), and echo out the error associated with the query.
$role = "SELECT type FROM fp.user WHERE usname ='$username' AND pswd = '$password'";
$access = mysqli_query($link, $role);
if ( !$access )
{
echo 'There was a problem running this query: ', mysqli_error($link);
exit;
}
$row = mysqli_fetch_row($access);
Also, according to the docs:
Fetches one row of data from the result set and returns it as an enumerated array, where each column is stored in an array offset starting from 0 (zero). Each subsequent call to this function will return the next row within the result set, or NULL if there are no more rows.
Check to make sure the user/password combo in the database is correct. Another issue could be that no user exists for that $username/$password combo.
I'm using Postgresql 9.2 and PHP 5.5 on Linux. I have a database with "patient" records in it, and I'm displaying the records on a web page. That works fine, but now I need to add interactive filters so it will display only certain types of records depending on what filters the user engages, something like having 10 checkboxes from which I build an ad-hoc WHERE clause based off of that information and then rerun the query in realtime. I'm a bit unclear how to do that.
How would one approach this using PHP?
All you need to do is recieve all the data of your user's selected filters with $_POST or $_GET and then make a small function with a loop to concatenate everything the way your query needs it.
Something like this... IN THE CASE you have only ONE field in your DB to match with. It's a simple scenario and with more fields you'll need to make it so that you add the field you really need in each case, nothing too complex.
<?php
//recieve all the filters and save them in array
$keys[] = isset($_POST['filter1'])?'$_POST['filter1']':''; //this sends empty if the filter is not set.
$keys[] = isset($_POST['filter2'])?'$_POST['filter2']':'';
$keys[] = isset($_POST['filter3'])?'$_POST['filter3']':'';
//Go through the array and concatenate the string you need. Of course, you might need AND instead of OR, depending on what your needs are.
foreach ($keys as $id => $value) {
if($id > 0){
$filters.=" OR ";
}
$filters.=" your_field = '".$value."' ";
}
//at this point $filters has a string with all your
//Then make the connection and send the query. Notice how the select concatenates the $filters variable
$host = "localhost";
$user = "user";
$pass = "pass";
$db = "database";
$con = pg_connect("host=$host dbname=$db user=$user password=$pass")
or die ("Could not connect to server\n");
$query = "SELECT * FROM table WHERE ".$filters;
$rs = pg_query($con, $query) or die("Cannot execute query: $query\n");
while ($row = pg_fetch_row($rs)) {
echo "$row[0] $row[1] $row[2]\n";
//or whatever way you want to print it...
}
pg_close($con);
?>
The above code will get variables from a form that sent 3 variables (assuming all of them correspond to the SAME field in your DB, and makes a string to use as your WHERE clause.
If you have more than one field of your db to filter through, all you need to do is be careful on how you match the user input with your fields.
NOTE: I did not add it here for practical reasons... but please, please sanitize user input.. ALWAYS sanitize user input before using user controlled data in your queries.
Good luck.
Don't do string concatenation. Once you have the values just pass them to the constant query string:
$query = "
select a, b
from patient
where
($x is not null and x = $x)
or
('$y' != '' and y = '$y')
";
If the value was not informed by the user pass it as null or empty. In the above query the x = $x condition will be ignored if $x is null and the y = '$y' condition will be ignored if $y is empty.
With that said, a check box will always be either true or false. What is the exact problem you are facing?
Always sanitize the user input or use a driver to do it for you!
I have created a Where clause builder exactly for that purpose. It comes with the Pomm project but you can use it stand alone.
<?php
$where = Pomm\Query\Where::create("birthdate > ?", array($date->format('Y-m-d')))
->andWhere('gender = ?', array('M'));
$where2 = Pomm\Query\Where::createWhereIn('something_id', array(1, 15, 43, 104))
->orWhere($where);
$sql = sprintf("SELECT * FROM my_table WHERE %s", $where2);
$statement = $pdo->prepare($sql);
$statement->bind($where2->getValues());
$results = $statement->execute();
This way, your values are escaped and you can build dynamically your where clause. You will find more information in Pomm's documentation.
Novice Alert
A mySQL table "tokens" contains a field, "dl" (DL), which is an integer (values: 0, 1 or 2)
For the row where field "token"==$stripped_token, the current value of "dl" is 0
I wish to read the record, increment the number found in field "DL" (zero) and update the record. Here's what I'm trying:
function sql_update_token($stripped_token)
{
global $mysqli ;
$curr_dl = $mysqli->query("SELECT dl FROM tokens WHERE token = ".$stripped_token) or die (mysqli_error());
$new_num = $curr_dl + 1;
$result = $mysqli->query("UPDATE tokens SET dl=".$new_num." WHERE token = ".$stripped_token) or die (mysqli_error());
}
The value of field DL is now "2" ! Why 2?
In troubleshooting the above, I tried this:
function sql_get_dl($stripped_token)
{
global $mysqli ;
$curr_dl_num = $mysqli->query("SELECT dl FROM tokens WHERE token = ".$stripped_token) or die (mysqli_error());
return $curr_dl_num;
}
$test = sql_get_token($stripped_token);
echo('[$test] == [ '.$test.' ]<br />');
The problem is that $test does not contain the number "0", as I had hoped. Instead, it contains: "current_field", "field_count", "lengths", "num_rows" and "type" (those text strings, in an array.
What are my errors?
One problem is that msysqli->query doesn't return the value you think it returns. It returns a result object. You then need to get at the data in that result. i.e.:
global $mysqli ;
$result = $mysqli->query("SELECT dl FROM tokens WHERE token = ".$stripped_token) or die (mysqli_error());
$row = $result->fetch_row();
$curr_dl_num = $row[0];
Think of $result as a table. fetch_row() gets the first row, and $row[0] gets the first cell of that row. This is really inconvenient, since you are only getting a table with one value in it, but with other queries, where multiple results are returned, being able to step through them using fetch_row() is really useful.
As well, how are you generating your $stripped_token value, since you said that wasn't behaving as you expected? If you are reading it from a mySQL query, your problem is probably the same - it might be a result object, and not a single value as you expect.
EDIT:
Never mind the bit about $stripped_token, I misinterpreted the last part of your question.
I have been working on this for a while now, I know it's simpler than what I am making it, but I just can't get it. I have some code where I am trying to query an enum either 1 or 0 from my table so this is exactly what I have to do this.
$username = 'test'
$passResult = mysql_query("SELECT usrSetPass FROM members WHERE usr='.$username.'");
Now I have all the connection stuff down I think, I get no errors there, but when I print this thing out in my echo I get this,
Heres my echo:
echo 'Hello, '.$username.', you Result is: '.$passResult.'!';
What I want to get is:
Hello, test, your Result is: 1
or
Hello, test, your Result is: 0
Now what I get is:
Hello, test, your Result is: Resource id #6
Now no matter what I do I get the same thing, I have no idea what I'm doing wrong here guys if someone could point this out that would be awesome. What this enum is being use essentially for a boolean just to see if the user has personally set a password not the computer generated version.
mysql_query returns a result resource, essentially a pointer to the memory where the results are buffered. That result set can contain many rows, as you can select many rows, so you need to fetch the row(s) you want then the column(s) you want from those rows.
/* execute the query and get a result resource back */
$passResult = mysql_query("SELECT usrSetPass FROM members WHERE usr='" . mysql_real_escape_string($username) . "'");
/* retrieve the first row from $passResult */
$row = mysql_fetch_assoc($passResult);
/* assign the usrSetPass column's value from that row to $passed */
$passed = $row['usrSetPass'];
Also, your query is wrong. You enclosed it in double quotes, so you're not actually breaking out of the string and concatenating $username when you use the single quotes and dots inside. I've corrected it above.
mysql_query doesn't return a value, it returns a resource (see here in the manual).
The returned result resource should be passed to another function for dealing with result tables (like mysql_fetch_array() or mysql_fetch_assoc()), to access the returned data.
Example based on your initial code:
$username = 'test';
$passResult = mysql_query("SELECT usrSetPass FROM members WHERE usr='".$username."'");
while ($row = mysql_fetch_assoc($passResult)) {
echo $row['usrSetPass'];
}
Can't figure this out for the life of me. Trying to return the column names from the clients securities table, then return the result as an array. Can anybody point out where I'm getting off track?
mysql_select_db("HandlerProject", $con); //Selects database
$selectcols = "SELECT * FROM ".$clientname."securitiestable"; //selects all columns from clients security table
$tempcols = mysql_query($selectcols) or die(mysql_error());
$returnedcols = $mysql_fetch_array($tempcols);
$tempsymbol = mysql_query("SHOW COLUMNS FROM".$clientname."securitiestable");
$symbol = $mysql_fetch_array($tempsymbol);
Suggestions:
You've got $ signs prefixing the mysql_fetch_array() calls so you'd need to have assigned a value (function name you want to call) to $mysql_fetch_array (this is probably why you're seeing the error you mention in your comment).
Also you have a missing space after FROM in the second query
// v
$tempsymbol = mysql_query("SHOW COLUMNS FROM ".$clientname."securitiestable");
Last thing to check - is $clientname set?
Having said that - take Bill Karwin's advice!
I would use mysql_fetch_assoc() for the SELECT query, and then call array_keys() on any row of the result.
$selectcols = "SELECT * FROM ".$clientname."securitiestable";
$tempcols = mysql_query($selectcols) or die(mysql_error());
$returnedcols = mysql_fetch_assoc($tempcols);
$colnames = array_keys($returnedcols);
Your fatal error is because of a separate issue: you have a $ symbol at the start of your function call. This is legal PHP syntax, because you can put the name of a function in a variable and call it indirectly:
function foo($arg)
{
echo $arg . "!\n";
}
$bar = "foo";
$bar("hello world");
But in your case, it's probably not what you intended. If you want to call a function by its literal name, don't put a $ in front of it. If you have a string variable that contains the name of a function, then you can use the variable as I show above.