I really got a problem now. I tried for decades and I can't find why it is not working. I want to get the user that is logged in to see their email on a specific page. I tried a new code now and i get this error: Notice: Undefined variable: row in
The code I use is:
<?
$username = $_SESSION['username'];
$sql = "select * from users where username=" . $username . "";
echo $sql;
$query = mysql_query($sql);
while ($row = mysql_fetch_array($query)) {
}
?>
AND
<?php echo $row['email']; ?>
<?php
$username = $_SESSION['username'];
$query = mysql_query("select * from users where username='".$username."'");
while ($row = mysql_fetch_array($query)) {
$email=$row["email"];
}
echo $email;
?>
try this.
don't use mysql_* functions
I think... Problem is in SQL query. I propose your column "username" is something like VARCHAR(50). So you have to add quote.
$sql = "select * from users where username='" . $username . "'";
I see a bug, and a design problem.
You've designed your script so that you're printing whatever was last assigned to $row in the condition of your while loop.
You're getting the error because the query is not returning anything and the loop is not running. Therefore, $row is never assigned. That being said, you probably don't want to use a while-loop if all you're trying to do is display the value of the "email" column in the first record returned. If you did want to, then stop it.
Call mysql_fetch_assoc() on your $result (doesn't return as much data), and check that it doesn't return FALSE (one or more records weren't found).
if((row = mysql_fetch_assoc($result)) === false)
die("Error.");
?>
Email:
Related
I am working on a project to retrieve the login details from the database to authenticate users.
However, I couldn't get the authentication part, even though the username and password are in the database, there is a problem retrieving them. In addition, I have gotten the error "Trying to get property num_rows of non-object". Kindly advise what is non-object.
Thank you in advance!
Below is a snippet of my code :
<?php //login.php
include "dbconnect.php";
session_start();
if (isset($_POST['username']) && isset($_POST['password']))
{
// if the user has just tried to log in
$username = $_POST['username'];
$password = $_POST['password'];
$password = md5($password);
$query = 'select * from users'
."where username='$username' "
." and password='$password'";
//echo "<br>" .$query. "<br>";
$result = $dbcnx->query($query);
if ($result->num_rows >0 )
{
// if they are in the database register the user id
$_SESSION['valid_user'] = $username;
}
$dbcnx->close();
}
?>
<?php
#$dbcnx = new mysqli('localhost','root','','kimbae');
if ($dbcnx->connect_error){
echo "Database is not online";
exit;
}
if (!$dbcnx->select_db ("kimbae"))
exit("<p>Unable to locate the kimbae database</p>");
?>
The Trying to get property num_rows of non-object error that you mention is related to $result not receiving the proper query result. You could echo $result; to see what's there. Will probably be empty or null.
Assuming $dbcnx exists and is correct, the only error I noticed is that your query string is missing a space on the second line, which creates an invalid SQL query. It should be like this:
$query = 'select * from users'
." where username='$username' "
." and password='$password'";
If that doesn't work, please post the code you have inside dbconnect.php as well.
PS.: Even though I am not an expert in PHP, you should probably look into a better/safer way to do authentication. Maybe go with a framework or something like that.
PS 2.: This has nothing do to with javascript, so wrong TAG there :)
I want to take the value of a single MySQL cell and use it as a string inside PHP code - I already know the cell exists, where it is, and nothing else is needed. What's the easiest way to do this? All the examples I've found focus on using a loop to output multiple rows into a table, which seems needlessly complicated for my purposes.
Basically what I want to do is this:
require_once 'login.php'; // Connects to MySQL
$sql = "SELECT name FROM users WHERE id='1'"; // id is determined elsewhere
$result = mysqli_query($connect, $sql);
echo "Your name is " . $result;
But I get an error message that it's not a valid string.
You forgot to fetch record from $result using mysqli_fetch_assoc().
So you can fix your code this way:
$result = mysqli_query($connect, $sql);
while ($row = mysqli_fetch_assoc($result)) {
echo "Your name is " . $row['name'];
}
sorry I am very new to PHP. This has probably been asked before but I am unable to get this code working, I am currently trying to check whether a user has logged in before but the mysqli_fetch_assoc only seems to pull through the second row, this query should only return one row so i only figured it out it was returning two when i added a duplicate to my DB. I have found similar questions and solutions but havent been able to figure it out.
Thanks in advance.
require_once 'login.php';
$db_server = mysqli_connect($db_hostname,$db_username,$db_password,$db_database);
$query = "SELECT * FROM users WHERE username = 'ben944' AND firstlogin = '0'";
$result = mysqli_query($db_server,$query);
if(!$result) {
echo "not working";
exit;
}
$row = mysqli_fetch_row($result);
while($row = mysqli_fetch_assoc($result))
{
print_r($row);
}
The separate $row = mysqli_fetch_row($result); line already fetches and removes the first row from the result before the while loop starts. That's why it's not printed by the while loop (which you have added for debugging purposes obviously).
I have a little test project set up so that when you click a wolves's name, it takes them to a page that I want to use to personalize information concerning whichever wolf they clicked on. The page is called wolf.php. I'm trying to using passing variable the $_GET method to assign the URL the wolves id, i.e www.testsite.com/wolf.php?id=1 but the page then displays nothing even though I do not get an error.
Here's the home page (home.php)
<?php
$username = $_SESSION['username'];
$result = #mysql_query("SELECT * FROM wolves WHERE owner = '$username'");
while($wolf = mysql_fetch_array($result))
{
echo "<a href= wolf.php?id=$wolf[id]>$wolf[name]</a>";
};
?>
Clicking this link takes me to www.testsite.com/wolf.php?id=1 (or whatever the id was). On wolf.php I have this:
<?php
$id = $_GET['id'];
$result = #mysql_query("SELECT name FROM wolves WHERE id = '$id'") or die("Error: no
such wolf exists");
echo .$result['name'].
;
?>
I'm not sure where I went wrong but this doesn't seem to be working. No information regarding the id of the wolf shows up. Thanks for help in advance.
Turn on error reporting with error_reporting(E_ALL); ini_set('display_errors', 1); in development so you see the fatal syntax errors in your code. It is also recommended to remove # error suppression operator from your mysql_*() calls.
You have syntax problems on the last line. Unexpected . concatenation operators:
// Wrong:
// Parse error: syntax error, unexpected '.'
echo .$result['name'].
;
// Should be:
echo $result['name'];
Next, you have not fetched a row from your query:
// mysql_query() won't error if there are no rows found. Instead you have to check mysql_num_rows()
$result = mysql_query("SELECT name FROM wolves WHERE id = '$id'") or die("Query error: " . mysql_error());
// Zero rows found, echo error message.
if (mysql_num_rows($result) < 1) {
echo "No such wolf.";
}
else {
// Row found, fetch and display.
$row = mysql_fetch_assoc($result);
echo $row['name'];
}
Note that this script is wide open to SQL injection. At a minimum, call mysql_real_escape_string() on your query input variables.
$id = mysql_real_escape_string($_GET['id']);
Ultimately, think about using PDO or MySQLi instead of the old mysql_*() functions, as they support prepared statements for greater security over manually escaping variables. The mysql_*() functions are planned for deprecation.
Firstly need fetch a result row.
Variant 1 - associative array (values are avialable as field names)
$result = mysql_fetch_assoc($result);
echo $result['name'];
Variant 2 - enumerated array (by index, started from zero)
$result = mysql_fetch_row($result);
echo $result[0];
<?php
$username = $_SESSION['username'];
$result = #mysql_query("SELECT * FROM wolves WHERE owner = '$username'");
You forgot the session_start(); at the begining. $username is "" and the sql maybe is returning 0 records.
In your second snippet you can't treat $result like it's an array; it's a resource identifier. To get an array, do:
$row = mysql_fetch_assoc($result);
echo $row['name'];
Also read about SQL injection vulnerability.
I'm trying to use $_SESSION['valid_user'] in a .php script that accesses the table "mail" under "users." $_SESSION['valid_user'] has been defined in a script which I included. Whenever I use "WHERE to=$_SESSION['valid_user']" in my SELECT statement, I get a blank page. However, if I take it out, the script runs and displays all messages in the database, not just the message that was defined to show to that particular username. Despite this, I can echo $_SESSION['valid_user'] outside of the while loop or SELECT statement. Here's my code:
<?php
include("mainmenu.php");
include("checklogin.php");
//$_SESSION['valid_user'] defined in checklogin.php
$con = mysql_connect("localhost", "root", "g00dfor#boy");
if(!$con){
die(mysql_error());
}
mysql_select_db("users", $con);
$result = mysql_query("SELECT * FROM mail WHERE to=$_SESSION['valid_user']");
//when executed with WHERE to=$_SESSION['valid_user'] it displays blank page.
while($row = mysql_fetch_array($result))
{
echo "To: " . $row['to'] . "| From: " . $row['from'] . "<br/>";
echo "Subject: " . $row['subject'] . "<br/><br/>" . "Message: " . $row['message'];
echo "<br/>";
}
mysql_close($con);
?>
Don't say, "Put $_SESSION['valid_user'] in double quotes." I've already tried that.
Change to $result = mysql_query("SELECT * FROM mail WHERE to='".$_SESSION['valid_user']."'");
You need to put brackets around the SESSION variable in your query.
change
$result = mysql_query("SELECT * FROM mail WHERE to=$_SESSION['valid_user']")
to
$result = mysql_query("SELECT * FROM mail WHERE to='{$_SESSION['valid_user']}'")
EDIT
You need to change
while($row = mysql_fetch_array($result))
to
while($row = mysql_fetch_assoc($result))
because you are referencing the columns by their names rather than by their index value.
Try
$result = mysql_query("SELECT * FROM mail WHERE to='".$_SESSION['valid_user']."'");
or
$result = mysql_query("SELECT * FROM mail WHERE to='$_SESSION[valid_user]'");
Both should not be valid queries;
Try capturing your query in a variable and printing it out to see what you get.
$query = "SELECT * FROM mail WHERE to=$_SESSION['valid_user']";
If the $_SESSION['valid_user'] contains any spaces you will need to wrap it in some form of single or double quotes other wise MySQL won't know what you really want.
Presumably user_name is a variable, originally provided by a user of your site? In that case you absolutely must escape it when embedding it in an SQL query, or you will be prone to injection attacks:
$result = mysql_query("SELECT * FROM mail WHERE to='".mysql_escape_string($_SESSION['valid_user'])."'");