PHP Query Breaking - php

I'm trying to call a database for the first time in PHP, and this query is causing my code to break. Note that I've tested the connection to be good. The culprit is mysql_query(). Can anybody spot what might be going wrong? The table name is "users" and the entry under the 'Name' column is 'mvalentine'. Everything matches case as far as I can tell.
dbInit.php
<?php
$connection = mysql_connect('localhost', 'root', 'password');
$db = mysql_select_db('scaleup');
if ($db) {
$user = mysql_query("SELECT ID FROM 'users' WHERE 'Name' = 'mvalentine'");
}
else {
die ('Error 01: Connection to database failed.');
}
?>
This modified code is now returning something. The value 'users' in the ajax call is now returning "false"
The value being returned should be '1'
ajax response:
<?php
include('dbInit.php');
include('objects.php'); //irrelevant, all code working properly
$layout = new Layout();
$bids = new Bids();
$out = array('layout' => $layout->_board, 'height' => $layout->_height, 'width' => $layout->_width,
'bids' => $bids->_board, 'maxBids' => $bids- >_maxBids, 'users' => $user);
$out = json_encode($out);
echo $out;
?>

It seems like you are expecting $user to contain the user ID, but it will actually contain a resource containing all of the rows returned. In order to get the user ID, you will need something like this:
$result = mysql_query("SELECT ID FROM `users` WHERE `Name` = 'mvalentine'");
if (!$result) {
die('Invalid query: ' . mysql_error());
} else {
$row = mysql_fetch_assoc($result);
$user = $row['ID'];
}
Also, take note of the other comments and answers regarding style and the preference of mysqli and PDO for this type of thing.

What is "$db" in your if statement?
To connect to your database you must use "mysql_connect" and "mysql_select_db".
For example,
<?php
$connection = mysql_connect('localhost', 'root', 'password');
$db = mysql_select_db('database_name');
if($connection)
{
if($db)
{
//query here
} else {
die("Couldn't connect to mysql database ".mysql_error());
}
} else {
die("Couldn't connect to mysql host ".mysql_error());
}
?>
Also, it is good practice to surround table and column names with the prime character like so
mysql_query("SELECT * FROM `tablename` WHERE `column_name` = 'value'");

I can't verify this right now, but I believe you may have a syntax error in your query:
mysql_query("SELECT ID FROM 'users' WHERE 'Name' = 'mvalentine'");
Column and table names, if you wish to quote them, should use the back tick:
$result = mysql_query("SELECT ID FROM `users` WHERE `Name` = 'mvalentine'");
Then change the rest of your code to actually fetch the user details:
$result = mysql_query("SELECT ID FROM `users` WHERE `Name` = 'mvalentine'") or die("Query failed");
$row = mysql_fetch_assoc($result);
$user = $row['ID'];

Related

Use PHP loop to fetch tables data from the table which contain names of database tables

I have table named category which contain names of other tables in the same database. I want to fetch table names from category table and then fetch data from each table from db. So far I have this code below:
$db = new mysqli('localhost', 'root', '', 'db_cat');
if($db){
// $q = "SELECT TABLE";
// $echo = $db->query($q);
// echo $echo;
// $result = $db->query("SHOW TABLES");
$qCat="SELECT * FROM product_category";
$cat_query= $db->query($qCat) or die(mysql_error());
while ($fetch= $cat_query->fetch_object())
{
$cat_id=$fetch->id;
$category=$fetch->category;
$p_cat=str_replace(" ","_",strtolower($category).'_categories');
//if(strlen($category)>22){$fine_product_name= substr($service, 0,19).'...';}else{ $fine_product_name=$category;}
$result = $db->query("SHOW TABLES");
while($row = $result->fetch_array()){
$tables[] = $row[0];
}
}
The second query must be different.
$result = $db->query("SELECT * FROM $category");
while($row = $result->fetch_array()){
$tables[] = $row[0];
}
print_r($tables);
First of all your design to connect to a database is not that good, Please check the below code for a proper way of connecting to it.
<?php
$con=mysqli_connect("localhost","root","","db_cat");
//servername,username,password,dbname
if (mysqli_connect_errno())
{
echo "Failed to connect to MySql: ".mysqli_connect_error();
}
?>
Here is a sample code of getting data from a table ( where this table name is in another table).
$get_table_name ="SELECT TableName FROM table_name";
$get_name=mysqli_query($con,$get_table_name);
$count=0;
while($row_name=mysqli_fetch_array($get_name)){
$count++;
$tbName=$row_name['TableName'];
$_SESSION['table_name'][count]=$tbName;
}
This will show you how to fetch data from one table. You can use a For loop to get all the tables
$table=$_SESSION['table_name'][1];
$get_table ="SELECT * FROM $table";
.... // Normal way of fetching data
You can try to adjust your code according to this and improve it.
For further reference please refer http://php.net/manual/en/book.mysqli.php

Display amount of registered users in MySQL database using PHP

I want to display the current amount of users registered in my database (it's called dalton) / the users are stored in a table in that database called simpleauth_players. It stores their name, hash, registerdate, logindate, and lastip.
I want to somehow use a PHP code that (logs me into the database) and displays the current amount of names in the database. So I can display a message like "Hey, there is currently 1,894 registered players!" inside of my HTML/PHP page. I'm kinda a novice it would be awesome if somebody could share the code and instructions.
My code:
$connection = mysql_connect('host', 'username', 'password');
mysql_select_db('database');
$query = "SELECT * FROM simpleauth_players";
$result = mysql_query($query);
$registered = "SELECT COUNT(*) FROM dalton.tables WHERE simpleauth_players = 'name' and TABLE_TYPE='BASE TABLE';
echo "$registered";
mysql_close();
This is the code I used to display the amount of registered players (AKA rows) in the simpleauth_players table.
<?php
$link = mysql_connect("localhost", "username", "password");
mysql_select_db("dalton", $link);
if ($_GET['task'] == 'total') {
$get_db = 'simpleauth_players';
$result = mysql_query("SELECT * FROM $get_db", $link);
echo '{"task":"total","amount":"';
echo mysql_num_rows($result);
echo '"}';
}
?>
select count(*) as total_player from simpleauth_players
OR
$sql = "select * from simpleauth_players";
$result = mysqli_query($con,$sql);
$count = mysqli_num_rows();
echo "Total ".$count." Players";
Try this one assumed that your column name is language
SELECT COUNT(*) FROM simpleauth_players WHERE language = "PHP"
or if you want to get count by each language type you can use this
SELECT COUNT(DISTINCT user_id) AS Count,language FROM simpleauth_players GROUP BY language
As per your original post/question Since you have not provided us with the MySQL API you're using to connect with, here's an mysqli_ version, using MySQL's aggregate COUNT() function, which will count the number of given rows in a table:
$connection = mysqli_connect('host', 'username', 'password', 'database');
$result = mysqli_query($connection, "SELECT COUNT(*) as count
FROM simpleauth_players"
);
while ($row = mysqli_fetch_array($result)) {
$var = $row['count'];
echo "There are currently " .$var. " users.";
}
Edit: if using mysql_
$connection = mysql_connect('host', 'username', 'password');
if (!$connection) {
die('Not connected : ' . mysql_error());
}
$db_selected = mysql_select_db('database', $connection);
if (!$db_selected) {
die ('Can\'t use database : ' . mysql_error());
}
$result = mysql_query("SELECT COUNT(*) as count
FROM simpleauth_players", $connection);
while ($row = mysql_fetch_array($result)) {
$var = $row['count'];
echo "There are currently " .$var. " users.";
}

mySQL statement not running in PHP variable declaration

In the following code I'm attempting to connect to my database, pull the maximum ID from my table and then generate a random number using the the rand() function. The code successfully connects me to the the database but when I try to call for the maximum ID it won't return a value.
When I try to echo the variable, it returns SELECT MAX(id) FROM 'file'.
<?php
// Connect to the database
$dbLink = new mysqli('localhost', 'username', 'password', 'database');
if(mysqli_connect_errno()) {
die("MySQL connection failed: ". mysqli_connect_error()); }
$amount = "SELECT MAX(id) FROM 'table'";
$rannmr = rand(1, $amount);
// Close the mysql connection
mysqli_close($dbLink);
?>
Any help in resolving this would be appreciated.
When I try to echo the variable, it returns SELECT MAX(id) FROM 'file'.
Firstly, you are using the wrong identifier for FROM 'table' being single quotes.
If table is indeed the table's name, wrap it in backticks, your question shows file.
$amount = "SELECT MAX(id) FROM `table`";
Either way, you cannot use quotes around a table name. It appears you are using file as your table name.
So if table is only an example and it is called file let's just say, you would do:
$amount = "SELECT MAX(id) FROM `file`";
or
$amount = "SELECT MAX(id) FROM file";
Then, you also need to query, using mysqli_query() which you are not doing.
$amount = mysqli_query($dbLink,"SELECT MAX(id) FROM `file`");
Or Object oriented style:
$amount = $dbLink->query("SELECT MAX(id) FROM `file`");
if($amount){
echo "Success!";
}else{
die('Error : ('. $dbLink->errno .') '. $dbLink->error);
}
See example #1 from http://php.net/manual/en/mysqli.query.php
Use or die(mysqli_error($dbLink)) to mysqli_query() which would have signaled the error.
http://php.net/manual/en/mysqli.error.php
Edit:
Try the following. You may need to modify $row[0] and rand(0,$count) as 1 depending on the column number.
$result = $dbLink->query("SELECT MAX(id) FROM mytable")
while ($row=$result->fetch_row()) { $count = $row[0]; }
$random = rand(0,$count);
echo $random;
use this:
$amount = "SELECT MAX(id) FROM table";
You forgot to execute the MySQL-query:
$amount = $dbLink->query("SELECT MAX(id) FROM table")->fetch_assoc();
$rannmr = rand(1, $amount[0]);
You never executed the query, you need more logic
if ($result = mysqli_query($dbLink, "SELECT MAX(id) as amount FROM `table`")) {
printf("Select returned %d rows.\n", mysqli_num_rows($result));
if ($row = mysqli_fetch_assoc($result)) {
$amount = $row['amount'];
$rannmr = rand(1, $amount);
}else{
echo 'no row found';
}
}
mysqli_close($dbLink);
I didn't seem to see the line of code which actually does the query:
Try this: Using the object-oriented mysqli approach
<?php
// Connect to the database
$dbLink = new mysqli('localhost', 'username', 'password', 'database');
if(mysqli_connect_errno()) {
die("MySQL connection failed: ". mysqli_connect_error()); }
$amount = "SELECT MAX(id) as max_id FROM 'table'";
// Do the actual query :
$run_query = $dbLink->mysql->query($amount);
// Retrieve the values:
$result = $run_query->fetch_array();
// Do the rand function together with the retrieved value
$rannmr = rand(1, $result['max_id']);
// Now you can echo the variable:
echo $rannmr;
// Close the mysql connection
mysqli_close($dbLink);
?>
Thanks!!

i want to execute a saved query in the database

I want to execute a query that i saved in my database like this:
ID | NAME | QUERY
1 | show_names | "SELECT names.first, names.last FROM names;"
2 | show_5_cities | "SELECT cities.city FROM city WHERE id = 4;"
Is this possible ?
I am kinda noob in php so plz explain if it is possible.
If I understand you correctly, you have your queries saved in the database in a table and you want to execute those.
Break the problem down: you have two tasks to do:
Query the database for the query you want to run.
Execute that query.
It's a bit meta, but meh :)
WARNING: the mysql_ functions in PHP are deprecated and can be dangerous in the wrong hands.
<?php
if (!$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')) {
die('Could not connect to mysql');
}
if (!mysql_select_db('mysql_dbname', $link)) {
die('Could not select database');
}
$name = "show_5_cities"; // or get the name from somewhere, e.g. $_GET.
$name = mysql_real_escape_string($name); // sanitize, this is important!
$sql = "SELECT `query` FROM `queries` WHERE `name` = '$name'"; // I should be using parameters here...
$result = mysql_query($sql, $link);
if (!$result) {
die("DB Error, could not query the database\n" . mysql_error(););
}
$query2 = mysql_fetch_array($result);
// Improving the code here is an exercise for the reader.
$result = mysql_query($query2[0]);
?>
if you did create a stored procedure/function you can simply use:
mysql_query("Call procedure_name(#params)")
Thats will work. reference here: http://php.net/manual/en/mysqli.quickstart.stored-procedures.php
Querying the table to get the query, then executing that query and looping through the results and outputting the fields
<?php
$link = mysqli_connect("localhost", "my_user", "my_password", "world");
/* check connection */
if (mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$RequiredQuery = intval($_REQUEST['RequiredQuery']);
$sql = "SELECT `QUERY` FROM QueryTable WHERE ID = $RequiredQuery";
$result = mysqli_query($link, $sql);
if ($row = mysqli_fetch_assoc($result))
{
$sql = "SELECT `QUERY` FROM QueryTable WHERE ID = $RequiredQuery";
$result = mysqli_query($link, $row['QUERY']);
while ($row2 = mysqli_fetch_assoc($result))
{
foreach($row2 AS $aField=>$aValue)
{
echo "$aField \t $aValue \r\n";
}
}
}
?>
just open the Table and get the individual query in a variable like
$data = mysql_query('SELECT * FROM <the Table that contains your Queries>');
while(($row = mysql_fetch_row($data)) != NULL)
{
$query = $row['Query'];
mysql_query($query); // The Query from the Table will be Executed Individually in a loop
}
if you want to execute a single query from the table, you have to select the query using WHERE Clause.

Strange output for simple php mysql search

I am trying to Build a simple search that first grabbs 'query' from a form passed from a HTML form through the url to this script. Once I run the script I get the output: Resource id #140Resource id #141Resource id #142. Why am I getting this output and what does it mean?
Side note I am just using the "echo" as a way to see the output of each variable.
<?php
//connect to database
mysql_connect("localhost", "user", "password") or die("Error connecting to database: " .mysql_error());
mysql_select_db("dataBase") or die(mysql_error());
?>
<?php
$query = $_GET['query'];
// gets value sent over search form
$user_id = mysql_query("SELECT id FROM users WHERE email = '$query'") or die(mysql_error());
echo $user_id;
$account_id = mysql_query("SELECT 'account_id' FROM accounts_users WHERE 'user_id' LIKE ('$user_id')") or die(mysql_error());
echo $account_id;
$user_name = mysql_query("SELECT 'account_name' FROM accounts WHERE 'id' LIKE ('$account_id')") or die(mysql_error());
echo $user_name;
?>
This is not the way to print the results. The method mysql_query returns a resource that you have to use within a loop to actually print the results. For instance, loop at the second example in the official doc page.
P.S. $query = $_GET['query']; using this statement you could have Sql injections problems.
Try something similar to this - after first "SELECT" query :
while($user_id_obj = mysql_fetch_object($user_id))
{
echo $user_id_obj->id;
}
The way you implemented leads to SQL Injection Attacks
SQL Injection Attacks Example
This could be possible in two ways.Which is usefull for you is depends on your requirements.
1.if your query contains a single value as a result then following code with changes in your code will be usefull for you.
<?php
//connect to database
mysql_connect("localhost", "user", "password") or die("Error connecting to database: " .mysql_error());
mysql_select_db("dataBase") or die(mysql_error());
?>
<?php
$query = $_GET['query'];
// gets value sent over search form
$result_user = mysql_query("SELECT id FROM users WHERE email = '$query'") or die(mysql_error());
if (!$result_user) {
die('Could not query:' . mysql_error());
}
$user_id=mysql_result($result_user,0); // outputs first user's id
echo $user_id;
$result_accountuser = mysql_query("SELECT 'account_id' FROM accounts_users WHERE 'user_id' LIKE ('$user_id')") or die(mysql_error());
if (!$result_accountuser) {
die('Could not query:' . mysql_error());
}
$account_id=mysql_result($result_accountuser,0); // outputs first accounts_users's account_id
echo $account_id;
$result_account = mysql_query("SELECT 'account_name' FROM accounts WHERE 'id' LIKE ('$account_id')") or die(mysql_error());
if (!$result_account) {
die('Could not query:' . mysql_error());
}
echo mysql_result($result_account,0); // outputs first accounts's account_name
?>
2.Or your query contains more than one result or more than one rows than following changes in your code will help you
<?php
//connect to database
mysql_connect("localhost", "user", "password") or die("Error connecting to database: " .mysql_error());
mysql_select_db("dataBase") or die(mysql_error());
?>
<?php
$query = $_GET['query'];
// gets value sent over search form
$result_user = mysql_query("SELECT id FROM users WHERE email = '$query'") or die(mysql_error());
while($row=mysql_fetch_array($result_user))
{
$user_id = $row['id'];
echo $user_id;
}
$result_accountuser = mysql_query("SELECT 'account_id' FROM accounts_users WHERE 'user_id' LIKE ('$user_id')") or die(mysql_error());
while($row=mysql_fetch_array($result_accountuser))
{
$account_id = $row['account_id'];
echo $account_id;
}
$result_account = mysql_query("SELECT 'account_name' FROM accounts WHERE 'id' LIKE ('$account_id')") or die(mysql_error());
while($row=mysql_fetch_array($result_account))
{
echo $row['account_name'];
}
?>

Categories