I am using this code for fetching data from database , I am getting $data fetched properly but i am not getting data properly in this variable $seldata why is it so
<?php
include_once("includes/connection.php");
include_once("includes/session.php");
//echo $_SESSION['uid'];
$sql="SELECT * FROM employee WHERE eid = '{$_GET['id']}'";
$result=mysql_query($sql);
$data=mysql_fetch_array($result);
echo "data".$data;
$sel_valsql="select * FROM selected_candidate WHERE eid = '{$_GET['id']}'";
$sresult=mysql_query($sel_valsql);
$seldata=mysql_fetch_array($sresult);
echo "seledata".$seldata;
?>
<?php
include_once("includes/connection.php");
include_once("includes/session.php");
//echo $_SESSION['uid'];
$sql="SELECT * FROM employee WHERE eid = '".$_GET['id']."'";
$result=mysql_query($sql);
$data=mysql_fetch_array($result);
echo "data".$data;
$sel_valsql="select * FROM selected_candidate WHERE eid = '".$_GET['id']."'";
$sresult=mysql_query($sel_valsql);
$seldata=mysql_fetch_array($sresult);
echo "seledata".$seldata;
?>
Note: mysql_fetch_array() returns an array of results so you need to do print_r($seldata) in order to view the results.
try this,
$sql = "SELECT * FROM employee WHERE eid = '" . $_GET['id'] . "'";
As a sidenote, the query is vulnerable with SQL Injection if the value(s) came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.
How to prevent SQL injection in PHP?
Remove the single quote form the where condition i.e.
$sql="SELECT * FROM employee WHERE eid = {$_GET['id']}";
or do like this:
$sql = "SELECT * FROM employee WHERE eid = '" . $_GET['id'] . "'";
Related
Require("dbconnect.php");//works is used on other another page
echo $Customer_id;//Displays correctly
Can anyone help?
First Check that use session variable is getting the data or not.
If the Customer id is of varchar then you are missing single inverted comma in where clause.
session_start();
$Customer_id = $_SESSION['id'];
Require("dbconnect.php");//works is used on other another page
$sql = "SELECT Job_id FROM Job";
$sql.= " WHERE Job_Customer_id = '$Customer_id'";
$stmt = $dbh->query($sql);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$Job_id = $row['Job_id'];
echo $Customer_id;//Displays correctly
echo $Job_id;//Curently dose not display anything
Change the $sql.= line to this:
$sql.= " WHERE Job_Customer_id = '$Customer_id'"
with the ' around $Customer_id.
I'm trying to select and echo a single field.
This is my code when I'm trying it
session_start();
$query = "select id from user where username = ".$_SESSION['username'];
$result = mysql_query($query);
$admin_id = mysql_fetch_array($result);
echo $admin_id['id'];
When I run that code, this warning text appears
mysql_fetch_array() expects parameter 1 to be resource, boolean given in ......
How should I do it?
You should use quotes when you assign values in sql queries .
$query = "select id from user where username = '{$_SESSION['username']}'";
Or
$query = "select id from user where username = '" . $_SESSION['username'] . "'";
However, it is not a good practice so you better look forward prepared statements to reduce sql injection vulnerability : http://ru2.php.net/pdo.prepared-statements
Try this:
$username = $_SESSION['username'];
$query = "select id from user where username = '$username'";
I'm trying to use the row from a query in another query.
This query correctly displays the username of the user currently signed in:
$param = $fgmembersite->UserEmail();
$query = mysqli_query($con, "SELECT username FROM Users1 WHERE email = '$param'
");
while ($row = mysqli_fetch_array($query)){
echo $row['username'] ;
}
I'm trying to find a way to use $row['username'] in another query something like...
$sql = mysqli_query($con, "SELECT * FROM messages WHERE to_user = '" . $row['username'] . "' ");
This doesn't give me a coding error, but it doesn't work. The username row obviously can't be taken from a separate query the way I'm attempting.
I have tried every combination I can think of but nothing has worked for me. Any help greatly appreciated.
Try a subquery
SELECT * FROM messages WHERE to_user in (SELECT username FROM Users1 WHERE email = '$param')
You can join the queries into one:
SELECT `messages`.*
FROM `messages`
JOIN `Users1`
ON `Users1`.`username`=`messages`.`to_user`
WHERE
`Users1`.`email`='$param'
Well you should place your second query inside while:
while ($row = mysqli_fetch_array($query)){
echo $row['username'] ;
$sql = mysqli_query($con, "SELECT * FROM messages WHERE to_user =
'" . $row['username'] . "' ");
}
Now loop ends when mysqli_fetch_arrray returns NULL and that NULL you are trying to insert into second query.
You can combine the two queries into one.
SELECT * FROM messages WHERE to_user = (SELECT username FROM Users1 WHERE email = '$param')
I am trying to display an entry from a MySql database which is selected by GET data.
if (isset($_GET["id"])){
$id=$_GET["id"];
$result = getSelectedBlog($id);
while($row = mysqli_fetch_array($result))
{
extract($row);
?>
<div class="headline"><?php echo $headline ?></div>
<div class="subtitle"><?php echo $subTitle ?></div>
<div class="content"><?php echo $content ?></div>
<?php
}
Here is the SQL statement:
function getSelectedBlog($id){
$con = mysqli_connect('localhost', 'root', '', 'michaelWebsite') or die('could not connect');
$sql = 'SELECT * FROM tblArticle WHERE tblArticle.articleID LIKE "$id"';
$result = mysqli_query($con, $sql) or die('entry does not exist.:' . mysqli_error($con));
return $result;
}
As you can see, I am passing the get data as $id to the method that returns the result. However nothing is being returned. There are three entries at the moment, if I change $id in the SQL statement to either 1, 2 or 3 it will show the corresponding data but it just will not work with the $id variable.
The URL does end with the correct info ?id=1.
Please excuse me if it is something stupid, I have just been stuck on this for hours now!!
All of these answers will solve your problem, but none have mentioned or prevented SQL Injection.
In your case I recommend (assuming articleID is an integer field).
$sql = 'SELECT * FROM tblArticle WHERE tblArticle.articleID LIKE "' . (int)$id . '"';
I'm also curious why you are using LIKE for an id field.
Note: Since you are using MySQLi, I'd encourage you to look at prepared statements.
$sql = 'SELECT * FROM tblArticle WHERE tblArticle.articleID LIKE "'.$id.'"';
escape your var in simple quote
Try with this:
$sql = "SELECT * FROM tblArticle WHERE tblArticle.articleID LIKE '$id'";
or with
$sql = 'SELECT * FROM tblArticle WHERE tblArticle.articleID LIKE "' . $id . '"';
You need to use double quotes in order for php to correctly expand your variables :) so change your query to
$sql = "SELECT * FROM tblArticle WHERE tblArticle.articleID LIKE '$id'";
Change
'SELECT * FROM tblArticle WHERE tblArticle.articleID LIKE "$id"'
to
"SELECT * FROM tblArticle WHERE tblArticle.articleID LIKE '$id'"
Variables will be evaluated only if they're between double quotes "
I need to read a text file, query the database table with that name, and store that table's data in another table. So far I have written this code but I don't know why it's not working.
foreach ($lindb as $namedb) {
$query = "SELECT * FROM ntable WHERE name =" .$namedb. "";
$result = mysql_query($query);
while ($r = mysql_fetch_array($result)) {
$query = "INSERT INTO ndtable (name,details,address,login,country) VALUES (\"".$r["name"]."\", \"".$r["details"]."\", \"".$r["address"]."\", \"".$r["login"]."\", \"".$r["country"]."\")";
mysql_query($query);
}
}
You don't have quotes around $namedb
ie. SELECT * FROM ntable WHERE name =" .$namedb. ""; should be SELECT * FROM ntable WHERE name ='" .$namedb. "'";
I suggest a SELECT INTO would be the better choice... and please post the error so we are able to help...