I have the following PHP code, which is supposed to get the "first" and "last" values of the column where the "id" matches what is in the URL. For instance, when the URL is ../Profile?id=1, it would say First: Bob Last: Doe, because Bob Doe is attached to the id of 1.
I do this with the following code:
session_start();
$id = $_GET['search'];
$dbhandle = mysql_connect("localhost", "SocialAdmin", "******")
or die("Unable to connect to MySQL");
$selected = mysql_select_db("socialdonuttesting",$dbhandle)
or die("Could not select database");
$result = mysql_query("SELECT * FROM users WHERE id = '$id'");
$first = $result['first'];
$last = $result['last'];
echo "First: $first Last: $last";
But for some reason, this is just displaying First: Last: when I go to ../Profile?id=1. Does anyone know why?
You are not fetching the result.
$row = mysql_fetch_assoc($result);
echo $row['first'];
echo $row['last'];
You need http://php.net/manual/en/function.mysql-fetch-row.php
However, drop the mysql_ usage and go with PDO.
Also, you are vulnerable to sql injection in your example.
you are not fetching you query
try this
session_start();
$id = $_GET['search'];
$dbhandle = mysql_connect("localhost", "SocialAdmin", "******")
or die("Unable to connect to MySQL");
$selected = mysql_select_db("socialdonuttesting",$dbhandle)
or die("Could not select database");
$result = mysql_query("SELECT * FROM users WHERE id = '$id'");
while($row = mysql_fetch_array($result)){
$first = $row['first'];
$last = $row['last'];
echo "First: ". $first. " Last: ". $last ."</ br>"; }
$result is a resource, you have to use mysql_fetch_* functions. In addittion, I don't recommend you to use * in your SQL query (for example, if you change table structure in the future, the results will be messed up.
Related
When I run the below code i get an error message C:\wamp\www\web\polling\includes\resul and Warning: mysqli_query() expects parameter 1 to be mysqli, integer given i
<?php
$pollid = $_POST['foodID'];
$connection = include('connection.php');
$query = "SELECT * FROM polling WHERE foodID='$pollid'";
$q = mysqli_query($connection, $query);
while($row = mysqli_fetch_array($q)) {
$id = $row[0];
$food = $row[1];
$foodRate = $row[2];
$userEmail = $row[3];
echo "<h1>$food</h1>";
echo "<h1>$userEmail</h1>";
}
?>
Try mysqli_affected_rows() and see if $q is getting any data, if not it will never enter the while loop
Besides that it appears there is an issue in your connection, can you display how your connecting in connection.php?
I'm not sure but the two different types of mysql interactions on the same page raises a red flag. Do you have other pages that work with two types of mysql interactions?
EDIT 1: Try this
$connection = mysqli_connect("localhost", "root", "", "test");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
This should work for your first script
Is there a reason your using two different types of mysql interaction?
You are missing a symbol in the statement
$query = "SELECT * FROM polling WHERE foodID='$pollid'";
s/b
$query = "SELECT * FROM `polling` WHERE foodID='$pollid'";
sorry to bother you all but I'm really struggling with this one:
I connect to my database fine and then I try the following mysql statements:
$query1 = "select row1 from mydatabase where row2 = $Name ";
$answer1 = mysql_query($query1);
However, a few lines later when I try :
echo $answer1;
I'm given only nulls :(
Can anyone give me any suggestions please?
edit:
SQL logins:
mysql_connect("correct", "username", "password");
mysql_select_db("dbname") or die(mysql_error());
everything you did is right you have just to fetch the data like this:
$query1 = "select row1 from mydatabase where row2 = $Name ";
$answer1 = mysql_query($query1);
while($data= mysql_fetch_array($answer1)){
echo $data['row1'];
}
And this is a complet answer, i adjust it as you need ;)
<?php
//Connect to your database
$con=mysqli_connect("db_hostname","db_user","db_password","db_name");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
//Value of the row to select
$row2 = 'some value';
//Make select query
$result = mysqli_query($con, "SELECT row1 FROM MyTable WHERE row2='$row2'");
//Fetch datas
while($row = mysqli_fetch_array($result))
{
echo $row['row1'];
echo "<br>";
}
//Close database
mysqli_close($con);
?>
Good Luck :)
Try using MySQLi_* instead MySQL_* functions and pass the connection variable to the function calls.
If this doesn't work then you might want to try some further debugging by enabling all error reporting and dumping the global scope.
<?php
error_reporting(E_ALL); // Show all errors & warnings
$conn = mysqli_connect("server", "username", "password");
mysqli_select_db($conn, "dbname") or die(mysql_error());
$sql1 = "SELECT `row1` FROM `mydatabase` WHERE `row2` = '".$Name."';";
$query1 = mysqli_query($conn, $sql1);
$answer1 = mysqli_fetch_assoc($query1);
var_dump($GLOBALS); // Dumps all variables in the global scope
?>
add this after $answer1= mysql_query($query1);
while ($row = mysql_fetch_assoc($answer1)) {
// echo data
echo $row['row1'];
}
I want to execute a query that i saved in my database like this:
ID | NAME | QUERY
1 | show_names | "SELECT names.first, names.last FROM names;"
2 | show_5_cities | "SELECT cities.city FROM city WHERE id = 4;"
Is this possible ?
I am kinda noob in php so plz explain if it is possible.
If I understand you correctly, you have your queries saved in the database in a table and you want to execute those.
Break the problem down: you have two tasks to do:
Query the database for the query you want to run.
Execute that query.
It's a bit meta, but meh :)
WARNING: the mysql_ functions in PHP are deprecated and can be dangerous in the wrong hands.
<?php
if (!$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')) {
die('Could not connect to mysql');
}
if (!mysql_select_db('mysql_dbname', $link)) {
die('Could not select database');
}
$name = "show_5_cities"; // or get the name from somewhere, e.g. $_GET.
$name = mysql_real_escape_string($name); // sanitize, this is important!
$sql = "SELECT `query` FROM `queries` WHERE `name` = '$name'"; // I should be using parameters here...
$result = mysql_query($sql, $link);
if (!$result) {
die("DB Error, could not query the database\n" . mysql_error(););
}
$query2 = mysql_fetch_array($result);
// Improving the code here is an exercise for the reader.
$result = mysql_query($query2[0]);
?>
if you did create a stored procedure/function you can simply use:
mysql_query("Call procedure_name(#params)")
Thats will work. reference here: http://php.net/manual/en/mysqli.quickstart.stored-procedures.php
Querying the table to get the query, then executing that query and looping through the results and outputting the fields
<?php
$link = mysqli_connect("localhost", "my_user", "my_password", "world");
/* check connection */
if (mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$RequiredQuery = intval($_REQUEST['RequiredQuery']);
$sql = "SELECT `QUERY` FROM QueryTable WHERE ID = $RequiredQuery";
$result = mysqli_query($link, $sql);
if ($row = mysqli_fetch_assoc($result))
{
$sql = "SELECT `QUERY` FROM QueryTable WHERE ID = $RequiredQuery";
$result = mysqli_query($link, $row['QUERY']);
while ($row2 = mysqli_fetch_assoc($result))
{
foreach($row2 AS $aField=>$aValue)
{
echo "$aField \t $aValue \r\n";
}
}
}
?>
just open the Table and get the individual query in a variable like
$data = mysql_query('SELECT * FROM <the Table that contains your Queries>');
while(($row = mysql_fetch_row($data)) != NULL)
{
$query = $row['Query'];
mysql_query($query); // The Query from the Table will be Executed Individually in a loop
}
if you want to execute a single query from the table, you have to select the query using WHERE Clause.
For ex. adress page test.php?prid=4477535
Code page test.php
function query($query) {
$database = 'test';
$host = 'test';
$username = 'test';
$password = 'test';
$link = mysql_connect($host,$username,$password);
if (!$link) {
die(mysql_error());
}
$db_selected = mysql_select_db($database);
if (!$db_selected) {
die(mysql_error());
}
$result = mysql_query($query);
mysql_close($link);
return $result;
}
$product_idn=$_GET['prid'];
$select_image = query("SELECT * FROM products_images WHERE `product_idn`='$product_idn'") or die(mysql_error());
foreach ($select_image as $row)
{
$select_image_array[]=$row->image;
}
print_r ($select_image_array);
receives a request
SELECT *
FROM products_images
WHERE `product_idn` = '4477535'
If make select from phpmyadmin i have 10 rows.
But if i use test.php?prid=4477535 i see empty page.
print_r ($select_image_array) not show array.
Tell me please why i see rows with phpmyadmin and not see rows with script?
Like the other said, you are prone to SQL injection since you don't serialize your input, but to fix your code, use this:
$select_image = query("SELECT * FROM products_images WHERE `product_idn`='$product_idn'") or die(mysql_error());
while($data = mysql_fetch_assoc($select_image))
{
echo $data['image'];
}
You are doing it wrong.
You have to fetch the resource (mysql_query returns a resource) into an array, and the keys of the array will be the names of the rows returned from your query.
$product_idn=$_GET['prid'];
$select_image = query("SELECT * FROM products_images WHERE `product_idn`='$product_idn'") or die(mysql_error());
while($fetch=mysql_fetch_assoc($select_image))
{
echo $fetch['image'];
}
print_r ($select_image_array);
BTW, You have a security hole here - SQL Injection.
Test the following
$result = query("SELECT * FROM products_images WHERE `product_idn`='$product_idn'")
$select_image = mysql_fetch_assoc($result);
var_dump($select_image);
for more information look at http://se2.php.net/mysql_query
You just
echo $row->image;
Never initialize $select_image_array
print_r ($select_image_array); won't show anything because there is no $select_image_array defined. Did you mean print_r ($select_image);?
Is query() a function you've defined? If not and you don't have errors on you are likely to see nothing.
You also need to sanitize your SQL. Simplest method for now since it's an integer:
$product_idn=(int)$_GET['prid'];
I am using php to get records from a mysql database using the following code:
<?php
$username="";
$password="";
$database="";
$hostname="";
$con = mysql_connect($hostname, $username, $password);
if (!$con){
die('Could not connect: ' . mysql_error());
}
mysql_select_db($database, $con);
if(isset($_POST['emp'])){
$emp = $_POST['emp'];
$result = mysql_query("SELECT * FROM contact_log", $con);
echo mysql_num_rows($result);
die();
while($row = mysql_fetch_array($result)){
$emp = $row['emp'];
echo $emp.'<br>';
}
die();
}
mysql_close($con);
?>
This works fine and returns the correct fields. The problem is that if I change the query to
$result = mysql_query("SELECT DISTINCT * FROM contact_log", $con);
or
$result = mysql_query("SELECT * FROM contact_log GROUP BY emp", $con);
no results are returned.
mysql_num_rows does not even return a value which indicates to me that those lines are breaking my code but I am unable to figure out how.
I doubt you want to do a distinct * on your first query. Looking at your code, you probably want:
"SELECT DISTINCT emp FROM contact_log"
And you can get more information about what is going wrong with mysql_error:
mysql_query("select * from table") or die(mysql_error())
Finally, are you sure that $_POST['emp'] is being sent? Put an echo right after that if to make sure. And just so you know, you aren't using the emp POST variable for anything other than a flag to enter that block of code. $emp = $_POST['emp']; is doing absolutely nothing.