using a variable in a mysqli_query? - php

I am trying to return a value from my database based on a user input on my form.
When I run the code using a value it works but when I put in the variable it doesn't. I am sure it is something simple, but I just don't get it?
Here is the code that works:
$sql_beam = mysqli_query($link,"SELECT cost_ft FROM Beams WHERE number = '201'");
while($row = mysqli_fetch_array($sql_beam))
{
echo "<p>" . $row['cost_ft'] . "</p>";
echo "<br>";
}
When I change it to this it doesn't:
$beam_num = $_POST['Beam Number'];
$sql_beam = mysqli_query($link,"SELECT cost_ft FROM Beams WHERE number = '$beam_num'");
while($row = mysqli_fetch_array($sql_beam))
{
echo "<p>" . $row['cost_ft'] . "</p>";
echo "<br>";
}

You should never put any variable directly into a query. Google SQL injection and how to prevent it.
Here is a simple example:
$sql = "SELECT cost_ft FROM Beams WHERE number = ?";
$stmt = $link->prepare($sql);
$stmt->bind_param("s", $beam_num);
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_assoc())
{
echo "<p>" . $row['cost_ft'] . "</p>";
echo "<br>";
}

Variables in a query work best when enclosed in curly brackets like this:
$beam_num = $_POST['Beam Number'];
$sql_beam = mysqli_query($link,"SELECT cost_ft FROM Beams WHERE number = '{$beam_num}'");
while($row = mysqli_fetch_array($sql_beam))
{
echo "<p>" . $row['cost_ft'] . "</p>";
echo "<br>";
}
That should solve the problem; if it doesn't, then try this:
$sql_beam = mysqli_query($link,"SELECT cost_ft FROM Beams WHERE number = $beam_num");
I had that in one of my codes and it worked.

Change your second line to this:
$sql_beam = mysqli_query($link,"SELECT cost_ft FROM Beams WHERE number = '". $beam_num ."'");
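An added example (not code from any of the posts above) that wraps the prepared statement from the first answer with input validation and output escaping. PHP replaces spaces in incoming field names with underscores, so a field submitted as `Beam Number` arrives under the key `Beam_Number`. Assumptions: beam numbers are short digit strings like the `201` in the question, `$link` is an open mysqli connection, and the function names are made up for illustration.

```php
<?php
// Added example, not code from the original thread.
declare(strict_types=1);

// PHP rewrites spaces and dots in incoming field names to underscores,
// so a form field named "Beam Number" is read as $post['Beam_Number'].
function read_beam_number(array $post): ?string
{
    $raw = $post['Beam_Number'] ?? null;
    if (!is_string($raw)) {
        return null;                    // missing, or an array such as Beam_Number[]=x
    }
    $raw = trim($raw);
    // Assumed format: 1 to 10 digits, like '201' in the question.
    return preg_match('/^[0-9]{1,10}$/', $raw) === 1 ? $raw : null;
}

// The value is sent as a bound parameter, separate from the SQL text.
function beam_costs(mysqli $link, string $beamNum): array
{
    $stmt = $link->prepare('SELECT cost_ft FROM Beams WHERE number = ?');
    $stmt->bind_param('s', $beamNum);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return array_column($rows, 'cost_ft');
}

// Database values are escaped before they are written into the page.
function render_costs(array $costs): string
{
    $html = '';
    foreach ($costs as $cost) {
        $html .= '<p>' . htmlspecialchars((string) $cost, ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return $html;
}

// Constructed submissions: padded digits, a stray quote, a key containing a space.
foreach ([['Beam_Number' => ' 201 '], ['Beam_Number' => "201'"], ['Beam Number' => '201']] as $post) {
    var_dump(read_beam_number($post));
}

// Runs only where a connection exists (assumed: $link created with mysqli_connect()).
if (isset($link) && $link instanceof mysqli) {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $beamNum = read_beam_number($_POST);
    echo $beamNum === null ? '<p>Invalid beam number.</p>' : render_costs(beam_costs($link, $beamNum));
}
```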

Related

Php Mysql SELECT query 1 column equals 1 variable

I've been through so many threads for 4+ hours here and abroad and seem to be missing a simple thing.
I'm trying to have several users upload their 'news' to MYSQL.
Yet I want to display only the 'news' with the logged in username (userpost) attached to the row.
$current is the username for who is logged in, which works.
Example A isn't filtering out rows that don't contain the $current user.
Example B isn't providing any output
So I've tried both A:
$result = mysqli_query($con,"SELECT * FROM images_tbl");
//echo $current . "2" . $current;
while($row = mysqli_fetch_array($result)) {
if ($row['userpost'] = '.$current.') {
$num = 0;
$num = $num + 1;
$pic.$num = $row['images_path'];
$h1 = $row['hlone'];
and B:
$result = mysqli_query($con,"SELECT * FROM images_tbl WHERE (userpost = '.$current.')");
echo $current . "2" . $current;
while($row = mysqli_fetch_array($result)) {
echo $row['hlone'] . " " . $row['images_path'];
echo "<img src=\"" .$row['images_path']. "\">";
}
27, images/08-10-2014-1412752801.jpg(images_path), 2014-10-08, Headline(hlone), Headline2, story, testb(userpost)
Any help would be greatly appreciated.
Add where clause to your query
//in situation A
$result = mysqli_query($con,"SELECT * FROM images_tbl where username='".$current."'");
//username is column name for user you might have to change this
while($row = mysqli_fetch_array($result)) {
echo $row['images_path'];
echo $row['hlone'];
}
In situation B try this
$result = mysqli_query($con,"SELECT * FROM images_tbl WHERE userpost = '".$current."'");
echo $current . "2" . $current;
while($row = mysqli_fetch_array($result)) {
echo $row['hlone'] . " " . $row['images_path'];
echo "<img src=\"" .$row['images_path']. "\">";
}
Why are you trying to filter with PHP.
If you want to filter the 'news' that have not been written by the current user, just use the MySQL WHERE clause:
// For Example A
$result = mysqli_query($con, "SELECT * FROM images_tbl WHERE userpost != '{$current}'");
while($row = mysqli_fetch_array($result)) {
$pic = $row['images_path'];
$h1 = $row['hlone'];
}
// For Example B
$result = mysqli_query($con,"SELECT * FROM images_tbl WHERE userpost = '{$current}'");
echo $current . "2" . $current;
while($row = mysqli_fetch_array($result)) {
echo $row['hlone'] . " " . $row['images_path'];
echo "<img src=\"" .$row['images_path']. "\">";
}
It's easy with MySQL's filtering options. You should do more research about MySQL.

PHP Mysql select to array format

I am reading data from a Mysql database like this:
$result = mysqli_query($con,"SELECT * FROM myTable");
while($row = mysqli_fetch_array($result))
{
echo $row['field1'] . " " . $row['field2'];
}
Instead of outputting the records like this:
echo $row['field1'] . " " . $row['field2'];
I need to get them into the format below:
$list = array(
array('field1'=>'something here', 'field2'=>'something else')
);
How do I do this?
$result = mysqli_query($con,"SELECT * FROM myTable");
while($row = mysqli_fetch_array($result)){
$list[] = $row;
}

My while loop from database is repeating results. I know it's my poorly formatted query.

I have a query to bring results from my database. It works... until there are more than 2 results that it, then it just repeats some results before adding in new ones.
I know it will be because my query is fairly poor, can anyone advise me?
The idea is:
connect to database with photo links
get the default user picture as $profile_main
join the words "photo_" with the default picture number and call it $answer (ex: column 'photo_1' in database)
now check the database again and get the results for $answer and output all information from that database column.
$result = mysqli_query($con,"SELECT * FROM tbl_photos");
while($row = mysqli_fetch_array($result))
{
$profile_main = $row['default'];
$answer = "photo_" . $profile_main;
$result2 = mysqli_query($con,"SELECT $answer FROM tbl_photos");
while($row = mysqli_fetch_array($result2))
{
echo "<img src=\"" . $row[0] . "\">";
}
}
mysql_fetch_row returns numerical indexes instead of column names (so ['default'] just won't work)...
This is how I would do it if I'm understanding you correctly:
$result = mysqli_query($con,"SELECT * FROM tbl_photos");
while($row = mysqli_fetch_assoc($result))
{
$answer = $row['photo_'.$row['default']];
echo "<img src=\"" . $answer . "\">";
}
Anyway, this is assuming default and photo_x are in the same row.
If you want only one result for a photo then you can use LIMIT like this
SELECT $answer FROM tbl_photos LIMIT 1
First, in both loops you set the same $row variable. Use 2 different variable names so that the results don't get mixed up.
Second issue is that you have 2 loops, so it will show all results each time. You need to break in the second loop. Like this:
$result = mysqli_query($con,"SELECT * FROM tbl_photos");
while($row = mysqli_fetch_array($result))
{
$profile_main = $row['default'];
$answer = "photo_" . $profile_main;
$result2 = mysqli_query($con,"SELECT $answer FROM tbl_photos");
while($row2 = mysqli_fetch_array($result2))
{
echo "<img src=\"" . $row2[0] . "\">";
break;
}
}
Or by using only one query, it would be much more efficient:
$result = mysqli_query($con,"SELECT * FROM tbl_photos");
while($row = mysqli_fetch_array($result))
{
$profile_main = $row['default'];
$answer = "photo_" . $profile_main;
echo "<img src=\"" . $row[$answer] . "\">";
}
You only require 1 query.
TRY
$result = mysqli_query($con,"SELECT * FROM tbl_photos");
while($row = mysqli_fetch_array($result))
{
$photo = $row["photo_" . $row['default']];
echo "<img src=\"" . $photo . "\">";
}
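Column names cannot be bound as `?` parameters, so a name built from stored data, like `$answer` in the `SELECT $answer FROM tbl_photos` query above, should be checked against a fixed list before it is used. An added example (not from the thread) of that check applied to the single-query approach; the column list `photo_1` to `photo_5` and the function names are assumptions, and the rows are constructed.

```php
<?php
// Added example, not code from the original thread.
declare(strict_types=1);

// Assumed schema: tbl_photos has photo_1 .. photo_5; adjust to the real table.
const PHOTO_COLUMNS = ['photo_1', 'photo_2', 'photo_3', 'photo_4', 'photo_5'];

// Map the stored 'default' value to a column name, or null when it does not
// name a known column. Only a name taken from the fixed list is ever used.
function photo_column($default): ?string
{
    if (!is_string($default) && !is_int($default)) {
        return null;
    }
    $name = 'photo_' . $default;
    return in_array($name, PHOTO_COLUMNS, true) ? $name : null;
}

// Build one <img> tag per row from that row's own default photo column.
function render_default_photos(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $column = photo_column($row['default'] ?? null);
        if ($column === null || empty($row[$column])) {
            continue;   // unknown column or no picture stored: skip the row
        }
        // Escape the stored path so it cannot break out of the src attribute.
        $src = htmlspecialchars((string) $row[$column], ENT_QUOTES, 'UTF-8');
        $html .= '<img src="' . $src . "\">\n";
    }
    return $html;
}

// Constructed rows standing in for mysqli_fetch_assoc() results.
$rows = [
    ['default' => '2', 'photo_1' => 'a.jpg', 'photo_2' => 'b.jpg'],
    ['default' => '9', 'photo_1' => 'c.jpg'],
    ['default' => '1', 'photo_1' => 'd"x.jpg'],
];
echo render_default_photos($rows);
```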

SQL ERROR mysql_fetch_array(): not valid?

I just can't figure out why I get the error message. I have tried removing the '' and the ().
I have run the script in phpmyadmin and it says the problem with my syntax is at $result = ("SELECT * FROM 'test_prefixCatagory' ORDER by 'Cat'");
$result = ("SELECT * FROM 'test_prefixCatagory' ORDER by 'Cat'");
while($row = mysql_fetch_array($result))
$sCat = ($row['Cat']);
$sCatID = ($row['CatID']);
{
echo "<table>";
echo "<tr valign='top'><td><b><a href='#".$sCat."'>".$sCat."</a></b><br>";
// column 1 categories
$result2 = ("SELECT * FROM `test_prefixSubCat` WHERE `CatID`=$sCatID");
// sub-cats
while($row2 = mysql_fetch_array($result2))
{
$sSub = ($row2['CatID']);
$sSubID = ($row2['SubID']);
echo "<dd><a href='#'>".$sSub."</a><br>";
}
echo "<br></td></tr>";
echo "</table>";
}
Does anyone have an idea?
Try this :
<?php
$result = mysql_query("SELECT * FROM `test_prefixCatagory` ORDER by `Cat`");
while ($row = mysql_fetch_array($result)) {
$sCat = $row['Cat'];
$sCatID = $row['CatID'];
echo "<table>";
echo "<tr valign='top'><td><b><a href='#" . $sCat . "'>" . $sCat . "</a></b><br>";
// column 1 categories
$result2 = mysql_query("SELECT * FROM `test_prefixSubCat` WHERE `CatID`='".$sCatID. "'");
// sub-cats
while ($row2 = mysql_fetch_array($result2)) {
$sSub = $row2['CatID'];
$sSubID = $row2['SubID'];
echo "<dd><a href='#'>" . $sSub . "</a><br>";
}
echo "<br></td></tr>";
echo "</table>";
}
?>
$result = ("SELECT * FROM `test_prefixCatagory` ORDER by `Cat`");
Not only do you need to add mysql_query but you also need to remove the single quotes from the table name and field name. You can use backticks if you wish but not single quotes around table names.
$result = mysql_query("SELECT * FROM `test_prefixCatagory` ORDER by `Cat`");
// other query:
$result2 = mysql_query("SELECT * FROM `test_prefixSubCat` WHERE `CatID`=$sCatID");
When debugging MySQL problems, use mysql_error() to see a description of the problem.
