select request in php with errors - php

I'm trying to select data from a MySQL database with code in PHP, but I always get errors.
<?php
$dbhost = "localhost";
$dbuser = "";
$dbpass = "";
$db = "test";
$connect = mysql_connect($dbhost, $dbuser, $dbpass, $db)
or die ("connexion impossible");
mysql_select_db($db) or die ("selection de la base échoué");
$username = $_POST['username'];
$password = $_POST['password'];
query = mysql_query("SELECT * FROM table2 WHERE username= '$username' AND password='.$password'");
$num = mysql_num_rows($query);
if($num == 1) {
while($list = mysql_fetch_assoc($query)){
$output = $list;
echo json_encode($output);
}
mysql_close();
}
?>
errors:
Notice: Undefined variable: username in C:\wamp\www\projet\connect.php on line 11
Notice: Undefined variable: password in C:\wamp\www\projet\connect.php on line 11

Replace the line
query = mysql_query("SELECT * FROM table2 WHERE username= '$username' AND password='.$password'");
with
$query = mysql_query("SELECT * FROM table2 WHERE username= '".$username."' AND password='".$password."'");
You missed the $ before the variable query, and there are some string concatenation problems.
And please use PDO instead of the deprecated mysql_* functions.

There is an extra dot before $password in the MySQL query, and query should be $query, as $query is a variable.
query = mysql_query("SELECT * FROM table2 WHERE username= '$username' AND password='.$password'");
should be
$query = mysql_query("SELECT * FROM table2 WHERE username= '$username' AND password='$password'");

Related

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\login.php [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I'm getting the following error:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\login.php
Everything else works fine... except for this!
Here's my query:
<?php
$inputuser = $_POST["user"];
$inputpass = $_POST["pass"];
$user = "root";
$password = "";
$database = "share";
$connect = mysql_connect("localhost:3306",$user,$password);
#mysql_select_db($database) or ("Database not found");
$query = "SELECT * FROM 'users' WHERE 'username'= '$inputuser'";
$querypass = "SELECT * FROM 'users' WHERE 'password'= '$inputpass'";
$result = mysql_query($query);
$resultpass = mysql_query($querypass);
$row = mysql_fetch_array($result);
$rowpass = mysql_fetch_array($resultpass);
$serveruser = $row['user'];
$serverpass = $row['password'];
if ($serveruser && $serverpass) {
if (!$result) {
die ("Invalid Username/Password");
}
header('Location: Fail.php');
mysql_close();
if ($inputpass == $serverpass) {
header('Location: Home.php');
} else {
}
}
?>
Do not use mysql_* functions. They are deprecated.
You have an error in your SQL Syntax. Change your queries to this:
SELECT * FROM `users` WHERE `username`= '$inputuser';
SELECT * FROM `users` WHERE `password`= '$inputpass';
You must use backticks, ` and not ' quotes.
And please try to combine them like this:
SELECT * FROM `users` WHERE `username`= '$inputuser' AND `password`= '$inputpass';
What if there are two users with the same password? You cannot expect all the users to use different passwords, right?
Other things: you are passing the user input directly to the SQL. This is very bad and leads to SQL injection. So you need to sanitize the inputs before you can send them to the database server:
$inputuser = mysql_real_escape_string($_POST["user"]);
$inputpass = mysql_real_escape_string($_POST["pass"]);
Again, do not use mysql_* functions.
Update the Code
Use the following code.
// single query
$query = "SELECT * FROM `users` WHERE `username`='$inputuser' AND `password`='$inputpass'";
// your original query
$query = "SELECT * FROM `users` WHERE `username`= '$inputuser'";
Final Code
<?php
$user = "root";
$password = "";
$database = "share";
// Connect first: mysql_real_escape_string() needs an open connection.
$connect = mysql_connect("localhost", $user, $password);
mysql_select_db($database) or die("Database not found");
// Field names match the form fields used in the question ("user" and "pass").
$inputuser = mysql_real_escape_string($_POST["user"]);
$inputpass = mysql_real_escape_string($_POST["pass"]);
$query = "SELECT * FROM `users` WHERE `username`= '$inputuser' AND `password`= '$inputpass'";
$result = mysql_query($query);
// mysql_query() returns FALSE on failure, so check it before counting rows.
if ($result && mysql_num_rows($result) == 1) {
header('Location: Home.php');
die();
}
else {
header('Location: Fail.php');
die ("Invalid Username/Password");
}
?>

PHP / MySQL: Login form doesn't work

I've got a login.php file which looks like this:
include "myfuncs.php";
$connect = dbConnection();
$username = $_POST["username"];
$passwort = md5($_POST["password"]);
$query = "SELECT username, password FROM user WHERE username LIKE '$username' LIMIT 1";
$ergebnis = mysql_query($query);
$row = mysql_fetch_object($result);
if($row->password == $passwort)
{
echo "Hi $username";
$_SESSION["username"] = $username;
echo "Login successfully";
}
else
{
echo "Login doesn't work";
}
and a myfuncs.php file which looks like this:
function dbConnection()
{
$servername = "...";
$username = "...";
$password = "...";
$dbname = "...";
$db_connect = new mysqli($servername, $username, $password, $dbname);
if ($db_connect->connect_error)
{
die("Connection failed: " . $db_connect->connect_error);
}
return $db_connect;
}
Unfortunately the login form doesn't work - it always gives the error "Login doesn't work" even when the username and password match the database entry.
Arg, you are mixing the mysqli class with mysql functions. I don't think it works...
It works this way: PHP MySQLi
$stmt = $mysqli->prepare($query);
// A prepared statement must be executed before rows can be fetched.
$stmt->execute();
while ($stmt->fetch()) {
(...)
}
I see you have an error in your variable name on line #6.
Try this:
$query = "SELECT username, password FROM user WHERE username LIKE '$username' LIMIT 1";
$result= mysql_query($query);
$row = mysql_fetch_object($result);
There are several problems with your code. In myfuncs.php you use mysqli and after that, in your code you use mysql (without "i"). mysql (without "i") is deprecated, so you should use mysqli everywhere.
More than that, in your code you have:
$query = "SELECT username, password FROM user WHERE username LIKE '$username' LIMIT 1";
$ergebnis = mysql_query($query);
$row = mysql_fetch_object($result);
Please see the bold text from next two lines (it should be the same variable):
$ergebnis = mysql_query($query);
$row = mysql_fetch_object($result);
You should have
$result = mysql_query($query);
if you will use mysql.
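The login checks in the threads above compare a plaintext or md5() password inside the SQL string. The following is an added example, not code from any of the posters, showing the same check with a PDO prepared statement and password_hash()/password_verify(). Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, and the table layout, the checkLogin() helper and the sample account are constructed for illustration.

```php
<?php
// Added example: login check with PDO placeholders and password_hash().
// Assumptions: SQLite in memory replaces MySQL; table and account are constructed.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Registration side: store a salted, slow hash, never the password or its md5().
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

function checkLogin(PDO $pdo, $username, $password): bool
{
    // Missing or array-valued POST fields never reach the query or the hash check.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch();

    // Verify against a dummy hash for unknown users so both paths cost the same.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['password_hash'] : $dummy);
    return $row !== false && $ok;
}

// Constructed requests standing in for $_POST.
$requests = [
    ['username' => 'alice',    'password' => 'correct horse'], // valid credentials
    ['username' => 'alice',    'password' => 'wrong'],         // bad password
    ['username' => "o'neil",   'password' => 'x'],             // quote is plain data
    ['username' => ['alice'],  'password' => 'x'],             // array, not a string
    ['username' => 'alice'],                                   // password missing
];
foreach ($requests as $post) {
    $ok = checkLogin($pdo, $post['username'] ?? null, $post['password'] ?? null);
    echo json_encode($post['username']), ' => ', $ok ? 'accepted' : 'rejected', PHP_EOL;
}
```

Only the first request is accepted. With MySQL the only change is the DSN and credentials passed to the PDO constructor.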

PHP Need Needed

I want the result of the query above, but instead of the result, the query itself is printed. Why?
<?php
$host = 'localhost';
$user = 'root';
$passwd = '';
$database = 'p_database';
$connect = mysql_connect($host,$user,$passwd) or die("could not connect to database");
$query = "SELECT DATE(order_time) AS date, SUM(Quantity) AS total_sales
FROM ss_orders,ss_ordered_carts
GROUP BY date";
mysql_select_db($database);
$result = mysql_query ($query,$connect);
print "$query";
?>
You printed the $query, so please modify your code:
mysql_select_db($database,$connect);
$result = mysql_fetch_assoc(mysql_query($query));
print_r($result);
Use Print_r or echo instead of Print
<?php
$host = 'localhost';
$user = 'root';
$passwd = '';
$database = 'p_database';
$connect = mysql_connect($host,$user,$passwd) or die("could not connect to database");
$query = "SELECT DATE(order_time) AS date, SUM(Quantity) AS total_sales
FROM ss_orders,ss_ordered_carts
GROUP BY date";
mysql_select_db($database);
$result = mysql_query ($query,$connect);
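// Assign each fetched row to a variable; $result itself is only the resource.
while ($row = mysql_fetch_array($result)) {
echo $row[1]; // second column: total_sales
}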
?>

mysql php error - quote system

I can't get my authors from my PHP quotes.
I have a quotes table:
id, quote, aid
I have an author table:
id, name, etc...
<?php
$DB_SERVER = "localhost";
$DB_USER = "root";
$DB_PASS = "";
$DB_NAME = "test";
$con = mysql_connect($DB_SERVER, $DB_USER, $DB_PASS);
mysql_select_db($DB_NAME);
$sql = mysql_query("SELECT * FROM quotes WHERE id = ".$_GET['id'], $con);
$row = mysql_fetch_row($sql);
$sql = mysql_query("SELECT * FROM author where aid = " . $row[1], $con);
$row = mysql_fetch_row($sql);
var_dump($row);
Now I get this error:
Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in /var/www/domain.com/php.php on line 14
NULL
If you print_r($row); after the first query you will see something like:
Array
(
[0] => id
[1] => quote
[2] => aid
)
Then on your second query you use $row[1], which is the quote (string) and not the number.
$sql = mysql_query("SELECT * FROM author where aid = " . $row[1], $con);
If you echo the error (using mysql_error($con)) you will see something like:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'a quote
Instead of using mysql_fetch_row, use mysql_fetch_assoc and the key of the array will be the name of the column. This way, it's very easy to retrieve data. And don't forget to close your connection.
<?php
$_GET['id'] = 1;
$DB_SERVER = "localhost";
$DB_USER = "root";
$DB_PASS = "";
$DB_NAME = "test";
$con = mysql_connect($DB_SERVER, $DB_USER, $DB_PASS);
mysql_select_db($DB_NAME);
$sql = mysql_query("SELECT * FROM quotes WHERE id = " . (int)$_GET['id'], $con); // or you can use the mysql_real_escape_string
if(!$sql) {
echo mysql_error($con);
}
$row = mysql_fetch_assoc($sql);
mysql_free_result($sql);
$sql = mysql_query("SELECT * FROM author where id = " . (int)$row['aid'], $con);
if(!$sql) {
echo mysql_error($con);
}
$row = mysql_fetch_assoc($sql);
mysql_free_result($sql);
print_r($row);
mysql_close($con);
From the manual:
mysql_query() returns a resource on success, or FALSE on error.
mysql_query() will also fail and return FALSE if the user does not
have permission to access the table(s) referenced by the query.
So just do some quick error checking:
$sql = mysql_query("SELECT * FROM author where aid = " . $row[1], $con);
if ( $sql ) {
$row = mysql_fetch_row($sql);
}
else {
//error
}
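The quote/author lookup discussed in this thread, written as an added example (not code from the posters): one parameterised JOIN instead of two concatenated queries, strict validation of the id, and database errors logged server-side rather than echoed to the client. Assumptions: an in-memory SQLite database stands in for MySQL, the rows are constructed, and quoteWithAuthor() is a hypothetical helper name; column names follow the question.

```php
<?php
// Added example: quote/author lookup as one parameterised JOIN.
// Assumptions: SQLite in memory replaces MySQL; rows below are constructed.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE author (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec('CREATE TABLE quotes (id INTEGER PRIMARY KEY, quote TEXT, aid INTEGER)');
$pdo->exec("INSERT INTO author VALUES (7, 'Sample Author')");
$pdo->exec("INSERT INTO quotes VALUES (1, 'a quote', 7)");

function quoteWithAuthor(PDO $pdo, $rawId): ?array
{
    // Accept only a positive integer; anything else never reaches the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    try {
        // quotes.aid references author.id, so one JOIN replaces both queries.
        $stmt = $pdo->prepare(
            'SELECT q.quote, a.name AS author
               FROM quotes q JOIN author a ON a.id = q.aid
              WHERE q.id = :id'
        );
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch();
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        // Details go to the server log; the client sees no SQL or schema text.
        error_log('quote lookup failed: ' . $e->getMessage());
        return null;
    }
}

// Constructed values standing in for $_GET['id'].
foreach (['1', '2', 'a quote', '1 2', ['1']] as $rawId) {
    $row = quoteWithAuthor($pdo, $rawId);
    echo json_encode($rawId), ' => ', json_encode($row), PHP_EOL;
}
```

Only the id '1' returns a row; the unknown id and every malformed value return null without producing a SQL error.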

PHP, MySQL table query syntax error?

I hope someone can help see what's wrong here:
I have a form with two fields, EMAIL and PASSWORD, that opens a PHP page where I intend to run a simple query on a table.
I get an error message that makes no sense:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '#gmail.com' at line 1.
The email address I entered in this case did end with '#gmail.com'
Here's the code:
<?php
$dbhost = 'somewhere.net';
$dbuser = 'someUser';
$dbpass = 'pass';
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');
$dbname = 'medreunten_db1';
mysql_select_db($dbname) or die(mysql_error($conn));
$email = mysql_real_escape_string($_POST['email']);
$query = "SELECT * FROM employee WHERE email = $email";
$result = mysql_query($query, $conn) or die (mysql_error($conn));
extract(mysql_fetch_assoc($result));
while ($row = mysql_fetch_array($result)) {
extract($row);
echo $row['name'];
echo $row['surname'];
echo $row['age'];
}
?>
Any advice would be appreciated.
You are missing quotes around string fields:
$query = "SELECT * FROM employee WHERE email = '$email'";
Additionally,
extract(mysql_fetch_assoc($result));
will fetch the first row from the database, so your while loop will start from the second row.
You have to put the value in quotes inside SQL string.
$email = mysql_real_escape_string($_POST['email']);
$query = "SELECT * FROM employee WHERE email = '$email'";
(mind the extra '' around $email)
Your query translates to:
SELECT * FROM employee WHERE email = foo#bar.com
This doesn't work, you have to put strings in quotes. Change your code to the following and it will work:
$query = "SELECT * FROM employee WHERE email = '$email'";
Just single-quote the variable '$email' because it is a varchar type value and field.
As Darhazer wrote :)
Full fixed code:
<?php
$dbhost = 'somewhere.net';
$dbuser = 'someUser';
$dbpass = 'pass';
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');
$dbname = 'medreunten_db1';
mysql_select_db($dbname) or die(mysql_error($conn));
$email = mysql_real_escape_string($_POST['email']);
$query = "SELECT * FROM employee WHERE email = '$email'";
$result = mysql_query($query, $conn) or die (mysql_error($conn));
// extract(mysql_fetch_assoc($result)); removed: it consumed the first row before the loop.
while ($row = mysql_fetch_array($result)) {
extract($row);
echo $row['name'];
echo $row['surname'];
echo $row['age'];
}
?>
