I am getting values from mysql data base using get method i am passing survey_id and question_id from the url
like below
http://myserver.com/emrapp/surveyAnswersScreenOne.php?survey_id=1,question_id=1
but it is giving error
my php code is given below for fetching
$query = mysql_query("SELECT * from survey_Answers where survey_Id='".$survey_id."' AND question_Id='".$question_id"' ");
$rows = array();
while($row = mysql_fetch_assoc($query)) {
$rows[] = $row;
}
echo json_encode($rows);
This line is having error,this:
$question_id"' "
should be
$question_id . "'"
You should be separating get variables with & not , in the url.
That's because you should use & instead of , between url parameters
http://myserver.com/emrapp/surveyAnswersScreenOne.php?survey_id=1&question_id=1
$survey_id = mysql_real_escape_string($_GET['survey_id']);
$question_id = mysql_real_escape_string($_GET['question_id']);
GET params are normally separated with & not ,. So your link should look more like this:
http://myserver.com/emrapp/surveyAnswersScreenOne.php?survey_id=1&question_id=1
Also, please note that GET variables are not automatically translated to PHP variables. You need to pull them from $_GET array:
$survey_id = $_GET['survey_id']
You does not pass value comma separated in url.You have use & in url like
http://myserver.com/emrapp/surveyAnswersScreenOne.php?survey_id=1&question_id=1
$query = mysql_query("SELECT * from survey_Answers where survey_Id='".$survey_id."' AND question_Id='".$question_id."' ");
A dot is missing!
URL and QUERY BOTH ARE WRONG
http://myserver.com/emrapp/surveyAnswersScreenOne.php?survey_id=1&question_id=1
AND
$question_id . "' "
$query = mysql_query("SELECT * from survey_Answers where survey_Id='".$survey_id."' AND question_Id='".$question_id"'");
you forgot the point for concatenating the string after $question_id -> this should fix your issue:
$query = mysql_query("SELECT * from survey_Answers where survey_Id='".$survey_id."' AND question_Id='".$question_id."'");
anyway,also consider sanitizing your url-inputs -> http://xkcd.com/327/
Related
I am moving a PHP page to my Joomla website and I was advised that I "should use Joomla's coding standards and methods for everything, this includes database queries"
My question is:
How should I transform my old PHP code regarding Joomla standards:
$query = "SELECT * FROM `TABLE 2` WHERE Power=".$input->get('Power', '', 'RAW')." AND Poles=".$input->get('Poles', '', 'RAW')."";
$results = mysql_query($query)
or die(mysql_error());
while ($row = mysql_fetch_array($results))
{
extract($row);
}
?>
This is the TABLE 2 contents. I use the values of each row as a variables on my page.
Most importantly make sure to filter the input to disallow sql injections. Seems both your inputs are numbers (Power is a float and Poles possibly an int?). Also use the #__ - in table names, it will be replaced by the table prefex when you use it in joomla functions. Simplest way to transform your code would be something like:
$app = JFactory::getApplication();
$power = $app->input->getFloat('Power'); // use the correct function
$poles = $app->input->getInt('Poles'); // for the datatype you want
see here for JInput docs
$db = $app->getDbo();
//short variant
$sql = "SELECT * from `#__table 2` WHERE power = "
. $db->quote($power) . " AND poles = " . $db->quote($poles);
$db->setQuery($sql);
$result = $db->loadRowList();
foreach($result as $array){
print_r($array);
}
It should be noted that there are more useful methods for retrieving the data, loadAssoc/loadAssocList for associative arrays, loadObject/loadObjectList for objects. Check the docs for JDatabaseDriver
Alternatively you could transform the query to a "Joomla query" like:
$q = $db->getQuery();
$q->select("*")->from($q->quoteName("#__Table 2"));
$q->where("Power = " . $db->quote($power));
$q->where("Poles = " . $db->quote($poles));
$db->setQuery($q);
...
Docs to JDatabaseQuery
All I want to do, user inputs full or partial Membership Number, and query the SQLite database.
The query will work if you use LIKE %21%, just can't use a variable.
$name=$_POST['mem_num'];
$db = new MyDB();
$result = $db->query('SELECT * FROM details WHERE MEM_NUMBER LIKE '%$name%' ');
while ($row = $result->fetchArray()) {
print $row["MEM_NUMBER"] . "\n";
}
I can do this is MySQL in seconds, but not in SQLite!
$result = $db->query("SELECT * FROM details WHERE MEM_NUMBER LIKE '%" . $name . "%'");
How about this?
To use variables in PHP string, you need to enclose it in double quotes "SELECT ... LIKE '%$name%'"
$result = $db->query('SELECT * FROM details WHERE MEM_NUMBER LIKE "%'.$name.'%" ');
You need to concatenate your query and your variable using dots and to put the percent signs as a part of the strings.
I have a section of code that I can't get to work. the $num variable needs to be passed to the mysql query so it update the latest record with the $num.
The code works when I set $num_d = '1234';
How can I pass the $num variable to the query statement
$test_message ="$full, $t_phone_number, $f_phone_number";
//explode sms message into variables
list($name, $status, $timecode, $latitude, $longitude, $num, $city, $state, $t_phoneb, $t_phone, $f_phone) = explode("," , $test_message);
print_r(explode(',', "$test_message"));
$num_ext = explode(",", $test_message);
$num_d = (string)$num_ext[5];
// Update database table
mysql_query("UPDATE msg SET timecode_off= '$timecode' WHERE (num= '$num_d') ORDER BY id DESC LIMIT 1");
Your code looks to buggy, also three lines doing the same
/* Here, what is the $full format? I looks like a string with coma separated */
$test_message ="{$full}, {$t_phone_number}, {$f_phone_number}";
/* Mapping the array without spaces */
$array = array_filter(array_map('trim', explode(',', $test_message)));
/* Update database table */
mysql_query("UPDATE msg SET timecode_off= '{$array[2]}' WHERE (num= '{$array[5]}');") or die (mysql_error());
I guess, this code must work, however I don't know the $full structure, another think to take care is the ORDER BY restriction, that is for SELECT clause, no for UPDATE clause, probably you need a WHERE
$test_message ="$full, $t_phone_number, $f_phone_number";
$num_ext = explode(",", $test_message);
The result is:
$num_ext[0] = $full;
$num_ext[1] = $t_phone_number;
$num_ext[2] = $f_phone_number; and so on
$num_d = $num_ext[5];
$sql = "UPDATE msg SET timecode_off= '$timecode' WHERE num='$num_d' ORDER BY id DESC LIMIT 1"
$query = mysql_query($sql, $connection);
the index "5" in $num_ext is not exists.if you sure that the num_d always in the end of the the exploded array you can use
$num_d = (string) end($num_ext);
First drop the ORDER BY clause. that is for select statement. Next, echo all of your strings before you store them in the database to get an idea what should be stored and what is actually stored. If output does not give you a clue what went wrong then post the output here.
If the $test_message is formatted right, you should be able to use $num directly like:
mysql_query("UPDATE msg SET timecode_off= '$timecode' WHERE (num= '$num') LIMIT 1");
$num=$_POST['data'];
$no = (int) $num;
$sql = "select * from uploads where id > '$no'"
The above query not working properly.It is displaying the values below the no.I think the problem with conversion.somebody please help to solve this problem
Try this code instead:
if ( empty( $_POST['data'] ) ){
// show error message
echo "No data received";
// use a default values
$num = 0;
}
else
$num=$_POST['data'];
$no = intval($num);
$sql = "select * from uploads where id > $no";
Try to use intval instead of casting to int
You have apostrophes around the value, so the values will be compared as strings, not numbers. The string value 10 for example is smaller than the string value 2.
Remove the apostrophes:
$sql = "select * from uploads where id > $no";
You have Sno = ..., it should be $no = .... It's a typo.
Then, numbers in query doesn't require apostrophes, so don't use them in this context.
You also had $_post instead of $_POST - it's another issue, variables in PHP are case-sensitive.
Try with this
$sql = "select * from uploads where id > ".$no;
and also put $_POST instead of $_post
$no = (int) $_POST['data']; //wrong variable declaration ?
$sql = "select * from uploads where id > $no";
Try this.
$_post replaced by $_POST
one variable instead of two
I get a string vaiable using POST in my php. I want to append this string so that i can use in the sql query to check for containing this string. I want something like this %string%
What i am doing now this gives me error:
$hotelName = '%'+hotelName_old+'%';
just to be sure: did you change your statement to ... WHERE fieldname LIKE '%value%'??
it should be like this
$hotelName = "%'".$hotelName_old."'%";
try this.
just directly use your variable.
$sql = "select * from `tbl_name` where `field_name` like '%{$find}%'"
$result = mysql_query($sql);