Why the mysql query is not evaluated properly? [duplicate] - php

This question already has answers here:
why this mysql query is not working?
(7 answers)
Closed 8 years ago.
Please help me regarding the specified problem:
The code section:
$result = mysql_query("SELECT *, UNIX_TIMESTAMP(eventdate) AS eventdate,
UNIX_TIMESTAMP(throughdate) AS throughdate FROM events where
id='$_GET[id]' ORDER BY eventdate");
// the above query is not working
if (! $result) {
    echo mysql_errno() . ": " . mysql_error(). "\n";
}
if ( mysql_num_rows($result) == 0 ) {
    print "<p>No events right now.</p>\n";
}
else {
    $lasteventmonth = '';
    while ($row = mysql_fetch_array($result)) {
        $eventmonth="";
        $eventmonth = date("F Y",$row['eventdate']);
        if ($lasteventmonth != $eventmonth) {
            print "<p style='font-size: 18px;'><b>$eventmonth</b></p>";
        }
        $lasteventmonth = $eventmonth;
        showEvent($row);
    }
}
?>
........................
........................//other codes
when the code evaluates as follows:
No events right now.
But specific id is present in the database and if $_GET['id'] is echoed in the page the value is shown.

what is id in id='$_GET[id]' at the beginning?
If you have a query http:// ... ?id=123, I would put id in quotes. Having said that, better like this:
$id = mysql_real_escape_string($_GET['id']); // safe against SQL injection
$sql = "SELECT *, UNIX_TIMESTAMP(eventdate) AS eventdate, UNIX_TIMESTAMP(throughdate) AS throughdate FROM events where id='$id' ORDER BY eventdate";
$result = mysql_query($sql);
If you are still getting trouble, use echo to check the variables $id and $result before the query runs; then you will have a clearer idea why it is not running the query you expect.

I am sure id=$_GET[id] is checking an int versus an int where you have it checking an int vs a string. Remove the single quotes around $_GET['id'] and try again. The single quotes define it as a string rather than an int.

Related

getting details of a person from a database?

I am trying to get the details of a person using their id, I have the following code and it's showing me an error.
$id = isset($_GET['id']) ? isset($_GET['id']) : "";
$sql = "SELECT * FROM `ArtListing` where `id` = $id";
$result = $conn->query($sql);
if (!$result) {
    die("Query failed " . $conn->error);
}
if ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        echo $row["id"] . "." . $row["name"] ;
    }
}
If I use where the id is some random number like it gives me back the details. The error it's showing me is as following
Query failed You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
It looks like the id you are grabbing is undefined.
You should assign the $id variable as:
$id = isset($_GET['id']) ? $_GET['id'] : "0";
You cannot simply put a variable inside a string.
You need to properly concatenate it to become a part of a string, as follows:
$sql = "SELECT * FROM `ArtListing` where `id` = '".$id."'";
You can test this code here
https://www.tehplayground.com/3HcoDppV0jAqdCYP
Take a look at combination of double quotes and single quotes.
Your SQL query string is created as follows
SELECT * FROM `ArtListing` where `id` = yourid; <-- incorrect
Whereas as per SQL syntax there should be single quotes
SELECT * FROM `ArtListing` where `id` = 'yourid'; <-- check single quotes around 'yourid'

MySQL Select statement not functioning if there are alphabetic characters [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
How can I prevent SQL injection in PHP?
(27 answers)
Closed 2 years ago.
Expected result:
Loop through all entries in the checkedout table, and select the entry from the game table where the barcode field is the same.
Actual behaviour / issue:
For the most part, this is working as intended. If I set the barcode field to a numerical value in the game table, and then "checkout" that barcode, everything works as intended. The barcodes I'll be using are in the format of ABC12345678. Once I change the values in the barcode field, in the game table to the alphanumeric version, it no longer runs the secondary select statement and displays this error: Fatal error: Call to a member function fetch_assoc() on boolean which refers to the following line: while ($row2 = $result2->fetch_assoc()) {
Oddly enough, if I run the exact same select statement SELECT * FROM game WHERE barcode = 'ABC12345678' on the MySQL instance, it returns the proper results.
Question
Do I need to be using a different method to select based on the value now being alphanumeric? Do I need to manipulate the data in some way?
Code:
$sql = "SELECT * FROM checkedout";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        $userid = $row["userid"];
        $barcode = $row["barcode"];
        echo "$userid </br>";
        echo "$barcode </br>";
        $sql2 = "SELECT * FROM game WHERE barcode = " . $barcode . "";
        $result2 = $conn->query($sql2);
        while ($row2 = $result2->fetch_assoc()) {
            $title = $row2["title"];
            $console = $row2["console"];
            echo "$title </br>";
            echo "$console </br>";
        }
    }
}

Insert is only doing the first row [duplicate]

This question already has answers here:
PHP Insert data from one table to another
(2 answers)
Closed 3 years ago.
I have a simple query that is returning some results from my database, it returns 4 rows, but when I do the insert it's only doing the first row and then stopping, does not seem to be doing an insert for each row that is returned from the first query.
$sql = "SELECT t.ID AS 'TopicID', t.seminar_id AS 'SeminarID', rl.resourceid AS 'ResourceID', r.ResourceType AS 'ResourceType'
FROM topic t
LEFT JOIN resourcelink rl ON rl.entityid = t.ID
LEFT JOIN resources r ON r.ResourceID = rl.resourceid
WHERE t.seminar_id = '124840'";
$result = mysql_query($sql);
// echo "<pre>";
// print_r($sql);
// echo "</pre>";
while($row = mysql_fetch_assoc($result))
{
    $resourceID = $row['ResourceID'];
    $resourceType = $row['ResourceType'];
    if ($resourceID != '' && $resourceType != 1)
    {
        $sql_insert = "INSERT INTO resourcelink (resourceid, entityid, entitytype, linkorder, viewinplayer)
            VALUES ($resourceID, $topicID, 1, 0, 0)";
        $result = mysql_query($sql_insert);
    }
}
The reason is that you're overwriting the $result variable when you do the first insert. So when the next iteration of the while loop calls mysql_fetch_assoc($result), it's fetching the result of the INSERT, not the result of the SELECT.
Since you never do anything with the result of the INSERT, there's no need to assign a variable. If you do need to use the result, you should use a different variable name. So change:
$result = mysql_query($sql_insert);
to
mysql_query($sql_insert) or die("Insert error: " . mysql_error());

PHP - search on query [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I want to select query from database. If I write this code:
$selectOption = $_GET['name'];
echo $selectOption.'<br>';
$sql = "SELECT 'rpm' FROM sn WHERE power = '1s1s'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
    while($row = $result->fetch_assoc()) {
        echo "rpm: " . $row["rpm"];
    }
} else {
    echo "0 results";
}
It shows me the correct answer. Otherwise, if I write this:
$sql = "SELECT 'rpm' FROM 'sn' WHERE 'power' = '$selectOption'";
It shows me 0 results. Any suggestion to correct the above query?
You need to do two things, both are stated in comments:
1. Use backticks (`) in your query like this:
$sql = "SELECT `rpm` FROM `sn` WHERE `power` = '$selectOption'";
2. Protect your query from SQL injection. For that, use a prepared statement. The link is given in the comment section. For your help I put it in my answer: How can I prevent SQL injection in PHP?
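The prepared statement recommended in this answer, run next to the unquoted concatenation from the earlier barcode question, as an added example that is not part of the original posts. It assumes PDO with a constructed in-memory SQLite table so it runs without a server; mysqli offers the same pattern through prepare(), bind_param() and execute().

```php
<?php
// Added example. Assumption: PDO with an in-memory SQLite database and
// constructed rows, so the script runs without a MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE game (barcode TEXT PRIMARY KEY, title TEXT, console TEXT)");
$pdo->exec("INSERT INTO game VALUES ('12345678', 'Constructed Title A', 'Constructed Console')");
$pdo->exec("INSERT INTO game VALUES ('ABC12345678', 'Constructed Title B', 'Constructed Console')");

// Concatenation as in the barcode question: the value becomes SQL text,
// so an alphanumeric value is parsed as an identifier, not as a string.
function findGameConcatenated(PDO $pdo, string $barcode): array
{
    $sql = "SELECT title, console FROM game WHERE barcode = " . $barcode;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the value is bound as data and is never parsed as SQL,
// so quoting and injection are handled in one place.
function findGame(PDO $pdo, string $barcode): array
{
    $stmt = $pdo->prepare("SELECT title, console FROM game WHERE barcode = ?");
    $stmt->execute([$barcode]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: numeric, alphanumeric, and one containing a quote.
foreach (['12345678', 'ABC12345678', "ABC'12345678"] as $barcode) {
    try {
        $concat = count(findGameConcatenated($pdo, $barcode)) . " row(s)";
    } catch (PDOException $e) {
        // The failure is raised at the query itself. In the question,
        // query() returned false and the error only appeared later as
        // "Call to a member function fetch_assoc() on boolean".
        $concat = "query failed: " . $e->getMessage();
    }
    $bound = count(findGame($pdo, $barcode)) . " row(s)";
    echo str_pad($barcode, 14), " concatenated: $concat | bound: $bound\n";
}
```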

how to get a single database value using mysqli (php)? [duplicate]

This question already has answers here:
Single result from database using mysqli
(6 answers)
Closed 2 years ago.
I am trying to pull a single value from a database and assign it to a php variable. All of the mysqli functions appear to pull an entire row, while I want one value of that row (ex. ID, name, etc.).
This is what I have so far:
$result = mysqli_query($con, "SELECT * FROM test_table WHRE ID='" . $_GET['ID'] . "'");
$row = $result->fetch_assoc();
$test= $row['ID'];
echo $test;
When I run the above I don't get any output; $test is unassigned. What is the correct command to assign a value to my $test variable?
You forgot an E in your WHERE clause
$result = mysqli_query($con, "SELECT * FROM test_table WHERE ID='" . $_GET['ID'] . "'");
$row = $result->fetch_assoc();
$test= $row['ID'];
echo $test;
If your 'ID' field is an integer, quotes are not necessary.
