So I've been learning for about 3 months now and am currently using very old procedural techniques and the deprecated mysql extension in my code. So time to take a step forward, ditch my procedural ways and get into object oriented / prepared statements...
This is very basic but I guess everyone has to learn some day. I'm trying to get retrieve and simple dataset from mysql database..
so far I have my connection:
$useri = new mysqli('localhost', 'useri', 'xxx','yyy');
if(mysqli_connect_errno()){
echo mysqli_connect_error();
}
I get no errors so I assume this works, and I have my query:
$test_query = "SELECT * FROM t";
$test_query = $useri->real_escape_string($test_query);
echo $test_query;
if($result = $useri->query($test_query)){
while($row = $useri->fetch_object($result)){
echo $row->id;
}
$result->close();
}
$useri->close();
However I get no results... so, 2 questions:
a. what am I doing wrong? and
b. anyone recommend any good tutorials apart from the php manual for this stuff?
Thanks :)
This works for one of the table i have in my db:
$useri = new mysqli('localhost', 'useri', 'xxx','yyy');
if(mysqli_connect_errno()){
echo mysqli_connect_error();
}
$test_query = "SELECT * FROM t";
$test_query = $useri->real_escape_string($test_query);
if($result = $useri->query($test_query)){
while ($row = $result->fetch_object()) { //only this is changed
echo $row->id;
}
$result->close();
}else{ //check for error if query was wrong
echo $useri->error;
}
$useri->close();
make sure that you have a space after *
$test_query = "SELECT * FROM t";
check this tutorial
http://net.tutsplus.com/tutorials/php/php-database-access-are-you-doing-it-correctly/
http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/
Related
This question already has answers here:
How to change mysql to mysqli?
(12 answers)
Closed 3 years ago.
I have many simple PHP files with MySQL queries that I need to modify since my webhost migrated from PHP5 -> PHP7. I am pretty much a PHP/MySQL beginner trying to wrap my head around the changes from MySQL to MySQLi.
I've begun reading the PHP docs re: MySQLi but am getting stuck on mysqli_query at the moment.
Here is the MySQLi code I've tried so far:
<?php
$con = mysqli_connect("localhost”, “my_user","my_password,"my_db”);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$result = mysqli_query("SELECT image, caption
FROM tbllinkcat, tblimages
WHERE tbllinkcat.catid = tblimages.catid
AND tbllinkcat.catid=1;");
while($row = mysql_fetch_array($result))
{
echo $row['image'];
echo "<br />";
echo $row['caption'];
echo "<br />";
}
mysql_close($con);
?>
I'm pretty sure the mysqli_connect code is working but I get errors on the mysqli_query code (error: Warning: mysqli_query() expects at least 2 parameters.
And I am pretty sure I will get errors on the mysql_fetch_array too once I correct mysqli_query. So for now I was wondering if someone could just show me an example of a mysqli_query that would work for the specific SQL statements in my code above? I will continue reading the PHP docs for MySQli and mysqli_query. Thank you.
mysqli_query needs two parameters:
Your database connection
A query
That will result in this:
$result = mysqli_query($con, "SELECT image, caption FROM tbllinkcat, tblimages WHERE tbllinkcat.catid = tblimages.catid AND tbllinkcat.catid=1;");
You also have some weird looking quotation marks in your connect function, correct them:
$con = mysqli_connect("localhost", "my_user", "my_password", "my_db");
To fetch the array, you would use:
while($row = mysqli_fetch_assoc($result))
{
echo $row['image'];
echo "<br />";
echo $row['caption'];
echo "<br />";
}
And finally, to close the connection:
mysqli_close($con);
Note: Just so you know, when using queries with user input, please use prepared statements and bind_param. This will prevent SQL injection attacks. I will show and example below.
$stmt = $db->prepare("SELECT * FROM users WHERE username = ?");
$username = $_POST['username'];
$stmt->bind_param('s', $username);
$result = $stmt->execute();
<?php
$con = mysqli_connect("localhost”,“my_user","my_password”,"my_db”);
//establish database connection
if (!$con)
{
die('Could not connect:'.mysqli_error());
}
$result = mysqli_query($con,"SELECT image,caption FROM tbllinkcat, tblimages WHERE tbllinkcat.catid = tblimages.catid AND tbllinkcat.catid=1");
//perform sql select query with database connection
while($row = mysqli_fetch_array($result))
{
echo $row['image'];
echo "<br />";
echo $row['caption'];
echo "<br />";
}
mysqli_close($con);
?>
For More Info read :-https://www.php.net/manual/en/mysqli.query.php
I've tried the solutions in this question, however mysql has been depricated for mysqli. Even with these changes it still doesn't return the information, instead returns an error, with nothing else (Nothing is heard from mysqli)
What i'm trying to do is kind of similar to the question linked, however it would look like this in the url: example.com?view-work=A01 It would search for A01 in the database, then return the Name, description, an image URL and date it was made live.
This is the code that i've been able to make using the answers from the question:
<?php
//Establishing a connection to the Artwork Database
mysqli_connect('localhost', 'dbuser', 'dbpassword');
mysqli_select_db('db');
$artworkidentifier = $_GET["view_work"];
//Returning the result, if there is one
$artworkidentifier = mysqli_real_escape_string($artworkidentifier);
$sql = "SELECT * FROM ArtDB WHERE art_refcode = '$artworkidentifier'";
$result = mysqli_query($sql);
if (!$result) {
echo "Something's gone wrong! ".mysqli_error();
}
$data = mysqli_fetch_assoc($result);
echo $data["Artwork_Name"];
echo $data["Artwork_Description"];
echo $data["Artwork_URL"];
echo $data["DateUploaded"];
?>
Seems like the cause of these errors was my own incompetence, also probably the fact I'm kind of new to PHP and MySQL in general. I learnt that I needed to reference my connection in some of the commands for them to successfuly process after adding the debug exception mentioned in the OP's comments.
As someone also pointed out, Yes this code is still vulnerable to other types of SQL injection, I'll be addressing these before the final version of the code goes live.
Fixed Code:
<?php
//Establishing a connection to the Artwork Database
$link = mysqli_connect('localhost', 'dbusr', 'dbpasswd', 'db');
//Exeptional Debugging
ini_set('display_errors', 1);
ini_set('log_errors', 1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
if (!$link) {
echo "Error: Unable to connect to MySQL!";
echo "Error No.".mysqli_connect_errno();
echo "Error in question: ".mysqli_connect_error();
exit;
}
$artworkidentifier = $_GET["view_work"];
//Returning the result, if there is one
$artworkidentifier = mysqli_escape_string($link, $artworkidentifier);
$sql = "SELECT * FROM ArtDB WHERE art_refcode = '$artworkidentifier'";
$result = mysqli_query($link, $sql);
if (!$result) {
echo "Something's gone wrong!"; //This line will be changed later to sound more professional
}
$data = mysqli_fetch_assoc($result);
echo $data["Artwork_Name"];
echo $data["Artwork_Description"];
echo $data["Artwork_URL"];
echo $data["DateUploaded"];
?>
I need some help with my PHP. I have a trouble with fetching the data from the database. I have hired a PHP developer who did not do his job properly that he have messed up the code which make it don't work so I need some help to fix the issue to get it working again.
When I try this:
//open the database File
$db = new SQLite3('myChannel.db');
if(!$db)
{
echo $db->lastErrorMsg();
}
else
{
$channel_name = $_GET['channels'];
$sql ="SELECT channel, title, start_date, stop_date, description FROM programs WHERE channel='$channel_name'";
$results = $db->query($sql);
while ($row = $results->fetchArray())
{
print_r($row);
}
What happen with the code is it will not fetching the matched data from the database as it will not do anything. I think there is something wrong with the $sql variable.
What I'm expecting to do is I want to look for data in the database where I use the variable called $channel_name, then I want to fetch the matched data to output them in my PHP.
Can you please help me how I can fetch the matched data in the database?
Try this code based on the SQLite PHP docs
class MyDB extends SQLite3 {
function __construct() {
$this->open('myChannel.db');
}
}
$db = new MyDB();
if (!$db) {
echo $db->lastErrorMsg();
} else {
$channel_name = $_GET['channels'];
$sql = "SELECT channel, title, start_date, stop_date, description FROM programs WHERE channel='{$channel_name}'";
$results = $db->query($sql);
while($row = $results->fetchArray(SQLITE3_ASSOC) ) {
print_r($row);
}
}
I changed a few things. I turned your database connection into a class, and I changed your while to include SQLITE3_ASSOC.
Warning: OP's code and as a result this answer has code that is
vulnerable to SQL Injection!
Here's my code:
<?php
//recently added
$result = mysql_query("SELECT background FROM " . $shadowless_background_table . " WHERE id = 1");
if ($result == 1){
?>
<script>
jQuery(document).ready(function(){
jQuery(".eltdf-psc-slide").addClass("no-background");
});
</script>
<?php
}
//=============
?>
Basically what I'm trying to do is checking and see if the value stored in the $shadowless_background_table "DB" is == 1 and I only want that column (background). I have browse the web, but what I see are examples with while loops which I was wondering if I could do something like this instead.
If you want to fetch a single record based on a condition you can do this -
$result = mysql_query("SELECT background FROM " . $shadowless_background_table . " WHERE id = 1");
if (mysql_num_rows($result)>0){
$fetchedColum = mysql_result($result, 0, 'COLUMN_NAME');
}
There are couple of issues with your code.The first thing that i have noticed is that you are using mysql API instead of PDO.I don't blame you since the internet is full of old tutorials and you probably didn't have a chance to get some guidance.
MySql is getting old It doesn't support modern SQL database concepts such as prepared statements, stored procs, transactions etc... and it's method for escaping parameters with mysql_real_escape_string and concatenating into SQL strings is error prone and old fashioned.
Organize your project better.
As i have seen from this example you probably have a poor project organization.You should consider reading about PSR Standards
And to go back to your question ,and to update it a bit.
Instead of doing
mysql_query("SELECT background FROM " . $shadowless_background_table . " WHERE id = 1");
I would do it this way:
<?php
$host = "localhost";
$username = "user name of db";
$password = "password of db";
$dbname = "database name ";
try {
$conn = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//your data
$id = 1; // id
$stmt = $conn->prepare("SELECT background FROM database_name WHERE id=:id");
$stmt->bindParam(':id', $id);
$stmt->execute();
$data = $stmt->fetchAll();
foreach ($data as $row) {
echo $row["row_name"];
}
}
catch(PDOException $e)
{
echo "Error: " . $e->getMessage();
}
Go read more about PHP in general ,it will help you out a lot.The biggest problem is that there are so much wrong tutorials and references or they are just old.And people learn from wrong sources.
I had the same problem ,but thanks to right people on this site i have managed to learn more.
My suggestion is that you read about PSR,PDO and PHP in general!!!
Also a thing you should consider reading about is security in php.
Good luck mate :D
I'm very new to PHP, SQL I've worked with using Coldfusion but only with very simple queries. In coldfusion to access a specific database
<cfquery dbname="blah">
I know in PHP I have to use mysql_query() and mysql_connect(), and here is the code I have, so I understand how to access a server and a table, but not the database. How can this be done?
<?php
$sql_branch = "SELECT BranchNum
FROM Branch WHERE
branchName = '$_POST[branch]'";
$connect = mysql_connect('students','xxxxxxx','xxxxxxx');
if(mysql_query($sql_branch, $connect)) {
$branch = mysql_query($sql_branch, $connect);
}
else {
echo "error".mysql_error();
}
$sql_result = "USE henrybooks;
SELECT AuthorFirst, AuthorLast, OnHand, Title
FROM Inventory i, Wrote w, Author a, Book b
WHERE i.BookCode = b.BookCode AND
i.BookCode = w.BookCode AND a.AuthorNum =
w.AuthorNum AND i.BranchNum = $branch";
if(mysql_query($sql_result, $connect)) {
$result = mysql_query($sql_result, $connect);
}
else {
echo "Error".mysql_error();
}
Also I'm unsure if my Error checking is right, my professor did not really explain how that works exactly.
Find out the database name and select it before making any queries:
$connect = mysql_connect('students','xxxxxxx','xxxxxxx');
mysql_select_db('dbName', $connect);
Documentation for mysql_select_db.
You probably want to use mysql_select_db:
$connect = mysql_connect('students','xxxxxxx','xxxxxxx');
mysql_select_db( "blah", $connect );
Use mysql_select_db to connect to the database. Most of the mysql_ functions should be what you are looking for when working with mysql databases.
Are you looking for mysql_select_db?
You can find all mysql functions here.