Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
Why isn't this code working?
$welcome = mysql_query("SELECT welcome FROM users WHERE id = '" . $_SESSION['user']['id'] . "'");
if($welcome == '0')
{
echo 'register is 0';
}
else
{
echo 'register is 1';
}
$_SESSION['user']['id'] returns as 1, by the way.
MySQL returns a resource on success, false on error, not a value from the query. Try this:
$welcome = mysql_query("SELECT welcome FROM users WHERE id = '" . $_SESSION['user']['id'] . "'");
$row = mysql_fetch_assoc($welcome);
if($row['welcome']== '0')
{
echo 'register is 0';
}
else
{
echo 'register is 1';
}
You shouldn't build your query like that as you'll not be protected from a SQL Injection Attack.
$query = sprintf("SELECT welcome FROM users WHERE id = %d", $_SESSION['user']['id']);
// Perform Query
$result = mysql_query($query);
Once that has finished you then need to fetch from the result, you cannot just query it.
if(!$result)
echo "Error"; // Deal with it
$row = mysql_fetch_assoc($result);
echo $row['welcome'];
mysql_free_result($result);
According to MySQL documentation, the resource is returned if the select statement is successful, or 'false' if the statement fails.
Although there's a better, more secure way to achieve what you are trying to accomplish, your statement can be revised simply to :
if($welcome === false)
{
echo 'register is 0';
}
else
{
echo 'register is 1';
}
That will work, but as I said earlier, the whole code needs to be updated to a more secure version.
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
I have two submit buttons that get values from two forms and insert them in a database. The problem is that I need to get the last inserted id from the first table (courses) to insert into the second table (students) but it does not work. This what I did:
<?php
$course_name = // the value of the field for the course name
$student_name = // The first name of the student
$student_age = // The age of the student
$last_id = // The last id of table courses
if(isset($_POST['submit1'])){
$query1 = "INSERT INTO courses (course_name)VALUES ('$course_name')";
if ($object->query($query1) === true){
$last_id = LAST_INSERT_ID();
$good = "the course has been created";
}
else{
$bad = "Error: " .$query1.$object->error;
}
}
if(isset($_POST['submit2'])){
$query2 = "INSERT INTO students (course_id,student_name, student_age)VALUES ('last_id','$student_name','student_age')";
if ($object->query($query2) === true){
$good = "the student has been created";
}
else{
$bad = "Error: " .$query2.$object->error;
}
}
?>
I do not know why it does not work.
You have not mentioned if you are using PDO or mysqli etc etc. If it's mysqli it $mysqli->insert_id;
if ($object->query($query1) === true){
$last_id = $object->insert_id
$good = "the course has been created";
}
OTH, if you are using PDO it's lastInsertId
if ($object->query($query1) === true){
$last_id = $object->lastInsertId()
$good = "the course has been created";
}
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I got this comment viewer script. And I'm requesting help to find an issue why it's not working. PHP doesn't show any errors. I don't know what wrong with it.
My MySQL databases looks like this:
comments { authorid, content, _when, }
users { id, firstname, name, nickname, password }.
echo "<div id='comments'>";
$sql_comments = "SELECT * FROM table.comments";
$comments = $conn->query($sql_comments);
$sql_2 = "SELECT id, firstname, name, nickname, password, type FROM users.users";
$conn2_2 = $conn->query($sql_2);
$row6 = $conn2_2 -> fetch_array();
while( $row5 = $comments -> fetch_array() && $id_users = $row6["id"] &&
$firstname_users = $row6["firstname"] && $name_users = $row6["name"]) {
if( $id_users == $row5["authorid"] ) {
echo "<div class=\"infoComments\">";
echo "<div class=\"commentsImg\"><img src=\"imgs/randomProfileImgs/$ranNum.png\" id=\"profileImg\" /></div>";
echo "<div class=\"commentsInfo\">" . $firstname_users . "<br />" . $name_users . "</div>";
echo "<div class=\"commantsContent\">" . $row5["content"] . "</div>";
echo "</div>";
};
};
echo "</div>";
Any ideas?
You state that your users table contains the following columns.
id, firstname, name, nickname, and password
You then proceed to put together a query that attempts to pull the type column out.
// bad sql query, tries to get 'type' but that column doesnt exist
$sql_2 = "SELECT id, firstname, name, nickname, password, type FROM users.users";
// query() will return false because theres a problem
$conn2_2 = $conn->query($sql_2);
// this is now a boolean because of the above issue
$row6 = $conn2_2 -> fetch_array();
What you should put after the query() call is this
if (!$conn2_2) {
printf("Errormessage: %s\n", $conn->error);
exit();
}
To avoid this type of thing in the future, do yourself a huge favor and make sure php can tell you when theres a problem by putting this at the start of your scripts.
error_reporting(-1);
ini_set('display_errors', 'On');
Or, you may want to make sure that the user you're connecting to mysql with has access to the databases table, AND users
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I'm trying to write a script that does the following. Takes a users email and added's it to a database however if the users email already exists it rejects.
<?
require_once('includes/db.php');
$email = mysqli_real_escape_string($link, $_POST['email']);
$dupesql = "SELECT * FROM emails where (email = '$email')";
$duperaw = mysqli_query($link, $dupesql);
if(int mysql_num_rows($duperaw) > 0){
echo 'Error already in there';
}
else {
$sql = "INSERT INTO emails(email)
VALUES('$email')";
$result = mysqli_query($link, $sql);
header('Location: poll/poll.php');
}
// close mysql
mysqli_close($link);
?>
Why not let mysql take care of it? When you already want email to be unique, then define an unique index for email :
CREATE UNIQUE INDEX email_index ON emails (email)
now you only have to check if any rows has been affected after insert :
if (mysqli_affected_rows()>0) {
//success, email inserted
} else {
// rejected
}
By that you'll spare a call to the database and make the code more simplistic, imho.
try this
$mysqli->real_query('INSERT INTO '.$table.' ('.$cols.') VALUES ('.$vals.')');
Change your code as follow:
$dupesql = "SELECT * FROM emails where email = '$email'";
$duperaw = mysqli_query($link, $dupesql);
if(mysql_num_rows($duperaw)==1){
echo 'Error already in there';
}
You are mixing mysqli_ with mysql_ which is the main problem here.
Use mysqli_num_rows instead of mysql_num_rows
You should not mix mysqli() and mysql().
And remove int error casting.
//...
if(mysqli_num_rows($duperaw) > 0){
echo 'Error already in there';
}
//...
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
Hey why is my function not working here is the php code, its written in mysql_connect:
function isUserLoggedIn() {
global $conn;
$sql = "SELECT user_id, password FROM user
WHERE
user_id='" . fixstr($loggedInUser->user_id) . "'
AND
password='" . fixstr($loggedInUser->password) . "'
AND
active = 1
LIMIT 1";
$res = mysql_query($sql);
$rs = mysql_fetch_array($res);
if($loggedInUser($res) == NULL)
{
return false;
}
else
{
//Query the database to ensure they haven't been removed or possibly banned?
if(returns_result($sql) > 0)
{
return true;
}
else
{
//No result returned kill the user session, user banned or deleted
$loggedInUser->userLogOut();
return false;
}
}
}
The connection does return an active window but is not able to connect to any of the functions does anybody know why my code is not working?
$loggedInUser is not in the scope.
You can do one of the following:
inject $loggedInUser through method parameter.
Eg) function isUserLoggedIn($loggedInUser)
locally construct or define $loggedInUser.
Eg) $loggedInUser = (new LoggedInUserFactory)->buildLoggedInUser();
declare global $loggedInUser;
In addition to what Kita wrote, it's also not known whether $conn is valid, and perhaps if($loggedInUser($res) == NULL) should be $rs not $res? I don't know the function definition so I can't say for sure, but it looks like that's more likely
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 1 year ago.
Improve this question
i have this information on my database...
Username - kam, mav, shin
Password - kam, mav, shin
this is my code...
<?php
$con=mysql_connect("localhost","root","");
mysql_select_db("nnx",$con);
$tbl2=mysql_query("SELECT * FROM tablename WHERE `username` =
'".mysql_real_escape_string($_POST['username'])."' and `password` =
'".mysql_real_escape_string($_POST['password'])."'");
while($row=mysql_fetch_array($tbl2))
if (($row['username']==$_POST['username'])&&($row['password']==$_POST['password']))
{
echo " ";
}
if (($row['username']!=$_POST['username'])&&($row['password']!=$_POST['password']))
{
header("location: /login.php?codeError=1");
die;
}
?>
the problem is, if i enter the username "mav" and the password is "kam", it still go through the next page. What should i do?
You should just check if the query returns any rows with mysql_num_rows():
$con=mysql_connect("localhost","root","");
mysql_select_db("nnx",$con);
$tbl2 = mysql_query("SELECT `username`, `password` FROM `tablename` WHERE
`username` = '".mysql_real_escape_string($_POST['username'])."' AND
`password` = '".mysql_real_escape_string($_POST['password'])."'
");
$rows = mysql_num_rows($tbl2);
if($rows){
// user and password exists in db
} else {
// does not exist
header("location: /login.php?codeError=1");
die;
}
Like I told you in previous question, try to move from mysql_* functions.
Just a suggestion but why not try it this way:
if (($row['username']==$_POST['username'])&&($row['password']==$_POST['password']))
{
echo " ";
}else{
header("location: /login.php?codeError=1");
die;
}
I don't understand why you need two if statements here, it's only boolean and the result will either be true or false.
Hope this helps :)!
You are checking for validation already in your query. If the user entered username and password correctly and only then, the query returns a row, containing that data.
So you only have to count the rows returned bye your Query. If it is below 1, then the user is not authenticated
Try
if (($row['username']==$_POST['username'])&&($row['password']==$_POST['password']))
{
echo " ";
}
else
{
header("location: /login.php?codeError=1");
die();
}
Anyway, a nice way to address this kind of issues is temporary printing on screen the variables (as a debug).
echo $row['username']." ".$_POST['username']." ".$row['password']." ".$_POST['password']
see if the variables are actually there of if there are issues with your DB query or with the form that posts the data.