Syntax error in MySQL statement - php

EDIT: I know the error is somewhere here:
$connection = #mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = #mysql_select_db($db_name,$connection) or die(mysql_error());
$sql = "SELECT * FROM authorize WHERE username = '$_SESSION[user_name]' and password = '$_SESSION[password]'";
$result = #mysql_query($sql, $connection) or die(mysql_error());
$num = mysql_num_rows($result);
$lstbalance = 0;
$balance = 0;
//set session variables if there is a match
if ($num != 0)
{
while ($sql = mysql_fetch_object($result))
{
$lstbalance = $sql -> lostbalance;
$balance = $sql -> balance;
}
}
if ($win==true)
{
$sql = "update users set lostbalance='($lstbalance+(($payouts[$result1.\'|\'.$result2.\'|\'.$result3])*(int)$_POST[\'bet\']))' WHERE username = '$_SESSION[user_name]' and password = '$_SESSION[password]'";
}
else
{
$sql = "update users set lostbalance='(lstbalance-(int)$_POST[\'bet\'])' WHERE username = '$_SESSION[user_name]' and password = '$_SESSION[password]'";
}
$result = #mysql_query($sql, $connection) or die(mysql_error());
I was able to narrow down the error to this piece of code, help appreciated. Regards.
When I comment it out everything seems to work all the connect variables are from a different file and are valid.

$lostbalance = $lstbalance+(($payouts[$result1])*(int)$_POST['bet']));
$sql = "update users set lostbalance='$lostbalance' WHERE username = '".$_SESSION['user_name']."' and password = '".$_SESSION['password']."'";
i dont understand about ur code on $payout[$result1.\'|\'.$result2.\'|\'.$result3]

Related

extracting info from database to html page error

i'm very new to PHP so i apologize if this is a simple fix but i'm experiencing a weird issue. I've created a website that uses facebook authentication. once they login, their information gets stored in a database I've created. i then created some functions that display the users facebook image and name on the profile page of my website. problem is sometimes it shows, and other times i receive this error. "notice: undefined index: fbid in /PATH/ on line 132". Here is the code.
<div id="userInfo" class="userInfo">
<h1> <?php
$dbHost = "localhost";
$dbUsername = "root";
$dbPassword = "root";
$dbName = "facebooklogin";
$conn = new mysqli($dbHost, $dbUsername, $dbPassword, $dbName);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT first_name, last_name, picture FROM users WHERE
oauth_uid = '".$_SESSION['fbid']."'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo " ". $row["first_name"]." ". $row["last_name"]."";
}
} else {
echo "0 results";
}
$conn->close();
?></h1>
userData.php
<?php
session_start();
include 'dbConfig.php';
$userData = json_decode($_POST['userData']);
if(!empty($userData)){
$oauth_provider = $_POST['oauth_provider'];
$_SESSION['fbid'] = $userData->id;
var_dump($_SESSION);
$prevQuery = "SELECT * FROM users WHERE oauth_provider =
'".$oauth_provider."' AND oauth_uid = '".$userData->id."'";
$prevResult = $db->query($prevQuery);
if($prevResult->num_rows > 0){
$query = "UPDATE users SET first_name = '".$userData-
>first_name."', last_name = '".$userData->last_name."', email =
'".$userData->email."', gender = '".$userData->gender."', locale =
'".$userData->locale."', picture = '".$userData->picture->data->url."',
link = '".$userData->link."', modified = '".date("Y-m-d H:i:s")."'
WHERE oauth_provider = '".$oauth_provider."' AND oauth_uid =
'".$userData->id."'";
$update = $db->query($query);
}else{
$query = "INSERT INTO users SET oauth_provider =
'".$oauth_provider."', oauth_uid = '".$userData->id."', first_name =
'".$userData->first_name."', last_name = '".$userData->last_name."',
email = '".$userData->email."', gender = '".$userData->gender."',
locale = '".$userData->locale."', picture = '".$userData->picture-
>data->url."', link = '".$userData->link."', created = '".date("Y-m-d
H:i:s")."', modified = '".date("Y-m-d H:i:s")."'";
$insert = $db->query($query);
}
}
?>
It seems that you don't have the variable set when you use it in the query.
Check it before the query, like:
if (isset($_SESSION['fbid'])) {
$sql = "SELECT first_name, last_name, picture FROM users WHERE
oauth_uid = '".$_SESSION['fbid']."'";
$result = $conn->query($sql); } else {
// not logged in
}
To check the values of $_SESSION, just do a var_dump($_SESSION) and you can see what is set.

PHP and SQL(Trying to update my database using submit button)

I am trying to update my feedback in my SQL database form with help of submit button but I'm unable to do so. Please help!
if (isset($_POST['submitreport']))
{
$dbCon = mysqli_connect("localhost","root","","Hun");
$report = strip_tags($_POST['report']);
$sql = "UPDATE Feedback SET report='$report' WHERE username='$username' AND date='$date' ";
$query = mysqli_query($dbCon, $sql);
}
<?php
if (isset($_POST['submitreport']))
{
$monthDayYear = date('m-d-Y');
$dbConnnection = mysqli_connect("localhost","root","","Hun");
$dbUsername = strip_tags($_POST['report']);
$sqlQuery = "UPDATE Feedback SET report='".$report."' WHERE username='".$username."' AND date='".$monthDayYear."'";
$queryExecute = mysqli_query($dbConnection, $sqlQuery);
}
?>
<?php
if (isset($_POST['submitreport']))
{
$dbCon = mysqli_connect("localhost","root","","Hun");
$username = 'test';
$report = strip_tags($_POST['report']);
$date = date('m-d-Y');
$sql = "UPDATE Feedback SET report='".$report."' WHERE username='".$username."' AND date='".$date."'";
$query = mysqli_query($dbCon, $sql);
}
?>

PHP Warning: mysqli_fetch_assoc() expects exactly 1 parameter, 3 given in

I get this error, I tried going through other similar threads but it didn't help.
here is php
$host = "http://www.example.net";
$hostname = "localhost";
$username = "aaa";
$password = "sss";
$userstable = "ddd";
$dbName = "fff";
if ($url != $host){
$con = mysqli_connect($hostname, $username, $password, $dbName);
//#mysqli_select_db("$dbName");
// Check connection
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = mysqli_fetch_row(mysqli_query($con, "SELECT * FROM $userstable where(url = '$url')"));
if ($query == false){
$hits = "1";
$query2 = "INSERT INTO $userstable (url,hits) VALUES('$url','$hits')";
}
else {
$hitquery = "SELECT `hits` FROM $userstable where url = '$url'";
$result = mysqli_query($con, $hitquery);
$hits = mysqli_fetch_assoc($result, 0, 'hits');
//$hits = mysqli_result(mysqli_query("SELECT `hits` FROM $userstable where url = '$url'"), 0, "hits");
$query2 = "UPDATE $userstable SET `hits` = hits+1 where url = '$url'";
}
mysqli_query($con, $query2);
}
if(!$url) {
$url = "$host";
}
eror generate on line 157
$hits = mysqli_fetch_assoc($result, 0, 'hits');
How to fix this mysqli?
Syntax mysqli_fetch_assoc is:
array mysqli_fetch_assoc ( mysqli_result $result )
Try (for PHP >=5.4):
$hits = mysqli_fetch_assoc($result)['hits'];
From the codes, I see that you want to UPDATE the final records from hits.
$hitquery = "SELECT * FROM $userstable where url = '$url'";
$result = mysqli_query($con, $hitquery);
while(null !== ($hits= mysqli_fetch_assoc($result))) {
$query2 = "UPDATE $userstable SET `hits` = hits+1 where url = '$url'";
}

Can't sign up using my DB

I need to make a Sign in form for my website. And I have to use MySQLi because MySQL will cause decaprated on my try.
So, here's the index.php code:
<?php
session_start();ob_start();
$con=mysqli_connect("localhost","root","","oos");
if (mysqli_connect_errno()) echo "Failed to connect to MySQL: " . mysqli_connect_error();
if(isset($_POST['signin']))
{
$username = $_POST['userid'];
$pass = $_POST['password'];
$query1 = "select * from admintb where adID = '$username' and adPass = 'password' ";
$result1 = mysqli_query($con,$query1) or die;
$co=0;
while($row=mysqli_fetch_assoc($result1)) $co++;
if($co==1)
{
$_SESSION['a']=$username;
header("Location: main_menu.php");
}
} ?>
The problem is, when I make $username="admin" and $password = "admin", it will go to main_menu.php alright. But when I try to do as above, base on my database, it won't go to main_menu.php.
How can I sign in, go to the main_menu.php using ID from my database?
Sorry, I already checked it, it's a stupid mistake. Inside this snippet:
$username = $_POST['userid'];
$pass = $_POST['password'];
$query1 = "select * from admintb where adID = '$username' and adPass = 'password' ";
$result1 = mysqli_query($con,$query1) or die;
fix to this:
$query1 = "select * from admintb where adID = '$username' and adPass = '$pass' ";

nested if loop partially working

What I am trying to do is simply display the row values. Now suppose if the field 'head_office' dont have the value 'H.O' then I want to display the values of the last row. I tried but cant find any solution. Here is my code: (I have only blocked the php part)
<?php
$mysql_host = 'localhost';
$mysql_user = 'root';
$mysql_password = '123';
$mysql_database = 'sdbms';
$setup_page = './myinstitute.php';
$db = mysql_connect($mysql_host, $mysql_user, $mysql_password);
mysql_select_db($mysql_database, $db);
if(isset($_REQUEST['id'])){
$id=$_REQUEST['id'];
$sql = "SELECT * FROM institute WHERE id =$id";
$result = mysql_query($sql, $db);
$row = mysql_fetch_array($result);
}
else if(!isset($_REQUEST['id'])){
$sql = 'SELECT * FROM institute WHERE head_office ="H.O"';
$result = mysql_query($sql, $db);
$row = mysql_fetch_array($result);
}
else{
$sql="SELECT * FROM institute";
$result = mysql_query($sql, $db);
$n = mysql_num_rows($result); //counting number of rows
if($n==0){
header('Location: '.$setup_page);
}
else{
$sql = 'SELECT * FROM institute ORDER BY id DESC LIMIT 1';
$result = mysql_query($sql, $db);
$row = mysql_fetch_array($result);
}
}
?>
<?php
$mysql_host = 'localhost';
$mysql_user = 'root';
$mysql_password = '123';
$mysql_database = 'sdbms';
$setup_page = './myinstitute.php';
$db = mysql_connect($mysql_host, $mysql_user, $mysql_password);
mysql_select_db($mysql_database, $db);
$row = array();
if(isset($_REQUEST['id'])) {
$id = (int) $_REQUEST['id'];
if(!empty($id)) {
$sql = "SELECT * FROM institute WHERE id =$id";
$result = mysql_query($sql, $db);
$row = mysql_fetch_array($result);
}
} else {
$sql = 'SELECT * FROM institute WHERE head_office = "H.O"';
$result = mysql_query($sql, $db);
$row = mysql_fetch_array($result);
}
if(!isset($_REQUEST['id']) && empty($row))
$sql = "SELECT * FROM institute";
$result = mysql_query($sql, $db);
$n = mysql_num_rows($result); //counting number of rows
if($n == 0) {
header('Location: ' . $setup_page);
} else {
$sql = 'SELECT * FROM institute ORDER BY id DESC LIMIT 1';
$result = mysql_query($sql, $db);
$row = mysql_fetch_array($result);
}
}
?>
As $_REQUEST['id'] can only have 2 status, isset and !isset, the else statement will never be used.
I don't understand very well how do you want to do, but it's illogic: the three step don't execute ever. Try it:
if(isset($_REQUEST['id'])){
$id=$_REQUEST['id'];
$sql = "SELECT * FROM institute WHERE id =$id";
$result = mysql_query($sql, $db);
$row = mysql_fetch_array($result);
}
else if(!isset($_REQUEST['id'])){
$sql = 'SELECT * FROM institute WHERE head_office ="H.O"';
$result = mysql_query($sql, $db);
$row = mysql_fetch_array($result);
}
if(count($row)<=0) {
$sql="SELECT * FROM institute";
$result = mysql_query($sql, $db);
$n = mysql_num_rows($result); //counting number of rows
if($n==0){
header('Location: '.$setup_page);
}
else{
$sql = 'SELECT * FROM institute ORDER BY id DESC LIMIT 1';
$result = mysql_query($sql, $db);
$row = mysql_fetch_array($result);
}
}
Enjoy your code.

Categories